2FA- Allow remembering device

  • Resolved enkirch

    (@enkirch)


    1 year, 8 months ago

    Hi,
    I would like to know what exactly is stored in “Allow remembering device for 30 days” in relation to 2FA to recognize the user?

    Is it really the computer itself that is “stored”, or rather the IP address in combination with the browser (user agent).

    And how exactly does it work with smartphone. Is the “smartphone stored”, or also here IP address with used browser (user agent.)

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @enkirch, thanks for your message.

    Allow remembering device for 30 days
    When this option is enabled, users can click a checkbox to remember their device for 30 days. This sets a cookie unique to their device that will allow them to log in without using 2FA from that device and browser. This feature is for convenience, but it is less secure than requiring 2FA for each login.

    https://www.wordfence.com/help/login-security/

    As you can see, the cookie generation and device check is based on unique device information, but the plugin doesn’t store it.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘2FA- Allow remembering device’ is closed to new replies.