When enabling the Trusted Devices setting, users will be presented with a “Remember this device” option when entering their 2FA code. Users who add a trusted device will not have to use 2FA to log in when several conditions are met.
When this option is enabled and the user adds a trusted device, WP 2FA will deposit a cookie in the user’s browser. The cookie includes a TTL (Time To Live) that specifies how long the device will be remembered for and the device’s IP address, among other things. These parameters give you the option to place restrictions on how devices are remembered.
To get started with Trusted Devices configuration, navigate to WP 2FA > 2FA Policies
Important: If you want to enable Trusted Devices for a particular user role, make sure you set up a separate 2FA user policy for that role. Simply choose the user role you want to configure the option for from the user role drop-down menu. For more information, refer to Step 3.2 in the WordPress 2FA getting started guide.
- Allow the “Remember this device” user option - Enable this option to allow users to ask WP 2FA to remember their device.
- For how long should the plugin remember a device - Select the number of days the plugin will remember the trusted device. Once it expires, users will need to authenticate via 2FA again.
WP 2FA allows administrators to place further restrictions on how the ‘Trusted Devices’ cookies are used. These restrictions help keep things secure. By default, when a cookie is not found, WP 2FA will prompt the user to authenticate via 2FA. However, you can also instruct the plugin to request 2FA authentication when the user’s IP address does not match the IP address in the cookie.
- Only when cookie is not found - Select this option to ask for 2FA when the remember device cookie is not found. The Allow the "Remember this device" user option must be enabled
- When cookie is not found or when the cookie is found but the IP address is different - Select this option to ask for 2FA when the remember device cookie is not found, OR the cookie is found, but the IP address does not match.