MFA Multiple Relogs
Hello,
I first want to say that the MFA is fantastic and a great security feature. Specially with the cell phone texting option turned on.
The only issue we are having is that there is no timer or ability to dictate when to require an authorization code. Due to how deverus works or any other web based program one has to sometimes reset or log out and log back in quickly to reset some pages.
Since there is no timer or way to authenticate a session, the code has to be sent multiple times when resetting the pages.
For example: I log into the system and authenticate. 4 minutes later I help a client and log into verocity in a separate tab. I then click on an admin page and it sends me to the log in screen because (oops forgot to use "return to admin site") . Now I have re-authenticate.
This is just one example of having to re-authenticate within a certain amount of time of just authenticating and wait for another text or email to get back in.
Would it be possible to have a timer for re-authentications.
Example: System detects i logged out and a timer starts. if I log back in within 3 minutes or close, the system will not require a re-authentication. If the time passes then of course it would be needed.
Thanks
-
Official comment
Hi Pierre!
We are glad to hear the MFA feature is proving to be an effective security update, and truly appreciate your feedback. The good news is our development team is already exploring a sort of "Remember Me" option which will securely extend your authenticated session, thus reducing how often you'll need to use the OTP!
Thank you for your understanding as we work to protect your sensitive information. We appreciate your patience and collaboration in this effort. Please let us know if we can assist further!
Comment actions
Please sign in to leave a comment.
Comments
3 comments