restart cookie expiration time of 2FA (Google Authenticator) after a successful login
It is already possible to have the cookie of the 2FA login expire after n days. But for admins who work on many servers, this still causes unnecessary extra work once that time frame expires. Because then they will be prompted to enter the 2FA code again, and this happens on all the servers they operate. It adds up to a lot of wasted work time.
Instead, the cookie expiration could be reset to n days after each successful login. Example: A user sets the expiration to 90 days, but on day 81 the user logs in without having to reenter the 2FA code. On day 82, 87, 89 and on day 92 he logs in again. For security it is clear that the user is a valid user with a valid longin only on days 81, 82, 87, 89, but then all the sudden not on day 92, because the 2FA cookie expired. This does not make sense. Why should a user who is frequently working on a server need to enter the 2FA again?
Implementing this feature will even improve security, because then admins could set a short cookie expiration time, e.g. four days. For a valid admin who logs in every day or every other day, this will go unnoticed, because with each login he will not be prompted to enter a new 2FA. But an illegal user will only have four days to e.g. steal and abuse the 2FA device while with the current solution, he definitely has more time.
Bitpalast GmbH
shared this idea
This is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
-- SH