Remember trusted device option for 2FA
in progress
Pearler Community
"i have a recommendation for pearler: when you log into the website it asks you for a 2FA authentication code (if you have it enabled)
selfwealth do the same BUT they give you the option to remember this device/browser for x days
I want my account secured to i enabled 2FA but my home computer should be able to sign in easily as a trusted device"
Hayden Smith
Hi everyone. An advanced feature allows you to extend your login session time. We are also going to add a feature to allow you to remove devices (and track devices with active sessions)
J
Jay
In terms of MFA options - can we please also include physical security keys? e.g. Yubikeys
Email & sms options could then be disabled for use as MFA but should be kept for account recovery purposes (e.g. give 1 week account recovery time after email / sms contact)
This post was marked as
in progress
Stuart
Related and a nice to have: a list of authorised devices that can be deauthorised and logged out remotely.
D
Declan Keyes-Bevan
Both please. I haven’t used the app enough to know the time out but on the desktop, it is annoying.
Steven Yu
both, if possible.
Hayden Smith
Question to all involved - is this specifically something you're looking for on Desktop or on mobile app?
A
Aaron
Hayden Smith: Ideally both please :)
Arturo Cedillo
Hayden Smith: both would be great.
James Russell
Hayden Smith: the mobile app seems to stay logged in already for me (as in, I’m not prompted for a 2FA code each time I open it). This is not the case for logging in via a browser.
So for me, the missing piece is a “remember device” option when logging in via a browser.
Cameron McGrath
James Russell Hayden Smith: One thing I'd add to this is that when you sign in via the website with 2FA enabled, you're prompted at initial login to enter your 2FA code. This then means that if you go to purchase shares etc, you are not asked to re-authenticate. However in the mobile app, you can log in but you are not immediately challenged for 2FA. As soon as you attempt to transact, you're blocked/challenged by a 2FA request. I'd suggest that the experience should be the same on both mobile and desktop (i.e. prompt for 2FA if needed at initial login).
M
Matt
Would be really good to see additional options for MFA added so we don't need to rely on SMS messages to login, e.g. An Authenticator App.
Hayden Smith
planned
A
Aaron
This! Without an app, the browser option with 2FA is the only way… without being able to remember the device, it’s a bit of pain! :)
Load More
→