Remember My Device
The Remember My Device feature allows users to skip repeated Two-Factor Authentication (2FA) on trusted devices for a specific period.
Once a user successfully completes 2FA on a device, they can log in without being prompted for 2FA again on that device until the configured expiry time.
This feature is available in the Two Factor Authentication – 2FA / Passwordless Login module and is compatible with Drupal 8, 9, 10, and 11.
Prerequisites
Before enabling this feature, ensure:
- The 2FA module is installed and activated
- Navigate to: /admin/config/people/miniorange_2fa/login_settings
Setup Remember My Device
Follow these steps to configure the feature:
- Navigate to 2FA Policy for End Users tab
- Scroll to the Remember My Device section
- Enable: Remember My Device checkbox
Configure Settings
1. Device Profile Expiry Time (in days)
- Define how long a device should be remembered
- After expiry → 2FA will be required again
2. Number of Devices Allowed
- Set how many devices can be remembered per user
- If the limit is exceeded:
- New devices will require 2FA
- Older remembered devices may no longer bypass 2FA
- Click on S
User Experience
- Open a new browser or private window
- Go to the Drupal login page
- Enter login credentials
Login Flow:
- User is prompted for 2FA
- User selects: Remember this device
- Completes authentication and clicks Verify
- User is successfully logged in
Subsequent Logins
- On the same device → 2FA is skipped
- On a new or unrecognized device → 2FA is required
How It Works
- The system stores a trusted device profile for the user
- Applies expiry and device limits as configured
- Ensures security while reducing login friction