[Defender] Defender two-factor auth issue

Since I activated two-factor auth and changed the login page to something else than wp-admin last year, I've been dealing with this very annoying bug.

The bug: If it's been more than 3 days since my last login, I end up having to login twice. (see video at this link: https://www.screencast.com/t/Ev5rBW5uD ).

First time I login and enter the auth code I get this message: "Your session has expired because it has been over 3 days since your last login. Please log in to continue. So I have to login again and put the auth code… Very annoying.

Easy to replicate on a website:

1. login to admin dashboard

2. don't access the site for 3 days+

3. after 3days+ come back re-login

I would appreciate if this would be fixed. Thanks!

  • Chip
    • Flash Drive

    Hi Kasia

    It is set to 3 days.

    But the issue here is having to login and enter the auth code twice after that period.

    At least I guess it would make it easier for you to replicate the issue by changing “Manage Login Duration” to 1day.

    For now I’ll set it to 14 days until this issue is fixed.

    ON a second note:

    What would’ve been nice to have is an option to set a number of days like 15 or 30 during what time it won’t ask for auth code for trusted computers like MOST 2auth sites allow users – (google for example). All this while still having the session expire and having to re-login in a shorter time like 3 days for better security.

    Cheers!

    Chip

  • Patrick Freitas
    • Staff

    Hi Chip

    How are you today?

    It is set to 3 days.

    But the issue here is having to login and enter the auth code twice after that period.

    At least I guess it would make it easier for you to replicate the issue by changing “Manage Login Duration” to 1day.

    I was able to replicate this problem, also we already reported and the developers are working on a fix, I will add this as a new report and hope this be fixed soon.

    ON a second note:

    What would’ve been nice to have is an option to set a number of days like 15 or 30 during what time it won’t ask for auth code for trusted computers like MOST 2auth sites allow users – (google for example). All this while still having the session expire and having to re-login in a shorter time like 3 days for better security.

    Thank you for the feedback, it looks a nice feature, we try to keep the tickets separated by subject, wouldn’t you mind please, create a feature request for this feedback on a separated ticket and we can forward to developers.

    Best Regards,

    Patrick Freitas

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.