jclem
commented
10 years ago Maybe this is a given, but this should be optional. Google's 2FA code form has a "remember this computer for 30 days" checkbox, for example.
Closed jacobian closed 10 years ago
jclem
commented
10 years ago Maybe this is a given, but this should be optional. Google's 2FA code form has a "remember this computer for 30 days" checkbox, for example.
jacobian
commented
10 years ago @jclem :+1:
friism
commented
10 years ago @jacobian you're only prompted for 2FA if you do heroku logout and then log back in (whether that's with the same account) - I think that is the correct design. If I do logout, maybe I'm on a shared computer or something, so prompting for 2FA again is correct.
We should only be prompting for a 2FA code every 30 days or so, rather than every time you auth. id.heroku.com does this, but the CLI doesn't.