2FA does not save session need to enter code every time

  • Resolved élisson Costa

    (@nossileee)


    3 years, 8 months ago

    Hi, I started using defender free and it’s great!
    I would like to know if it is possible to leave the 2FA session saved on my machine as trusted for x days?

    Before, I used the 2Fas Prime plugin to authenticate the 2FA, but it doesn’t work with the defender and for that reason I had to disable it, and I had to use the defender’s 2FA, but I had to enter the 2FA code from the Authy app every moment, it ends up being a little uncomfortable.

    In 2Fas Prime it was possible to save known sessions so that you don’t need to type 2FA frequently, I saw that in Wordfence it is also possible to save for 30 days.

    Could you help me know how I can save the session for a few days?

    Thank you so much.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @nossileee

    I hope you are doing good today.

    The main goal of 2FA is to protect your site more, so this is predicted behavior. Also, this depends on how you set up your Manage Login Duration in Defender, which forces you and your users to re-login to the site after certain days (this will trigger 2FA as well by default).

    Could you let me know more about this part?

    but I had to enter the 2FA code from the Authy app every moment, it ends up being a little uncomfortable.

    I was not able to replicate this on my lab after I closed my main browser (no cleared cache).

    Kind Regards,
    Kris

    Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi again.

    Also, the default WordPress behavior for session login is 48 hours.
    If the “Remember Me” box was checked, WordPress will give you 14 days before forcing logout.

    Kris

    Thread Starter élisson Costa

    (@nossileee)

    I log in with my username and password and click “remember”, then ask for the 2FA token. Type and access the site’s admin panel.

    If I close the pages and open it again, it will ask for login, password and token again.

    I would like that yes, I could request a login and password (which I keep saved in the browser to autofill) but not request the 2FA token again.

    Thread Starter élisson Costa

    (@nossileee)

    Force Authentication (Force users to log in with two-factor authentication) = is disabled

    Thread Starter élisson Costa

    (@nossileee)

    Now I did another test, closed the pages, accessed the home page, the admin bar appeared, clicked on panel and entered the site’s admin, without needing the password.

    Maybe it should be that if I try to enter through the default login PAGE, it necessarily ends up asking for full access.

    I will try to follow this path.

    Hi @nossileee,

    I did some tests as well and couldn’t replicate your behavior even with the default login page.
    It’s possible that this is caused by something from your specific setup.

    Could you try performing a conflict test by disabling your other plugins and switch to default WP theme to see if the behavior changes after that?
    If it does, activate them back one by one until the issue is back and that should tell us where the culprit is coming from.

    I suggest doing this on a staging site, or if you don’t have one make sure to have site backup ready before doing the test on live installation.

    Cheers,
    Predrag

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @nossileee

    I hope you are doing well and safe!

    We haven’t heard from you in a while, I’ll mark this thread as resolved.

    Feel free to let us know if you have any additional question or problem.

    Best Regards
    Patrick Freitas

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘2FA does not save session need to enter code every time’ is closed to new replies.