When enabling this setting, users will be presented with a “Remember this device” option when entering their 2FA code. Users who add a trusted device will not have to use 2FA to log in when a number of conditions are met.
When this option is enabled, and the user adds a trusted device, WP 2FA will deposit a cookie in the user’s browser. The cookie includes a TTL (Time To Live) that specifies how long the device will be remembered for and the device’s IP address, among other things. These parameters give you the option to place restrictions on how devices are remembered.
- Allow the “Remember this device” user option - Enable this option to allow users to ask WP 2FA to remember their device.
- For how long should the plugin remember a device - Select the number of days the plugin will remember the device. Once it expires, users will need to authenticate via 2FA again.
WP 2FA allows administrators to place further restrictions on how the ‘remember device’ cookies are used. These restrictions help keep things secure. By default, when a cookie is not found, WP 2FA will prompt the user to authenticate via 2FA. However, you can also instruct the plugin to request 2FA authentication when the user’s IP address does not match the IP address in the cookie.
- Only when cookie is not found - Select this option to ask for 2FA when the remember device cookie is not found. The Allow the "Remember this device" user option option must be enabled
When cookie is not found or when the cookie is found but the IP address is different - Select this option to ask for 2FA when the remember device cookie is not found, OR the cookie is found, but the IP address does not match.