Closed jacobian closed 10 years ago
Maybe this is a given, but this should be optional. Google's 2FA code form has a "remember this computer for 30 days" checkbox, for example.
@jclem :+1:
@jacobian you're only prompted for 2FA if you do heroku logout
and then log back in (whether that's with the same account) - I think that is the correct design. If I do logout
, maybe I'm on a shared computer or something, so prompting for 2FA again is correct.
We should only be prompting for a 2FA code every 30 days or so, rather than every time you auth. id.heroku.com does this, but the CLI doesn't.