Feature: Make default 30-day MFA Remember Browser Period Customizable.
Description: Currently you can either have users having to go through MFA checks every time they log in or once every 30 days.
It’s required for this number of days figure to be configurable.
Use-case: We are in the fintech domain and there are some trading institutions that require daily MFA requests. They would want to make sure that the MFA is needed only once a day.
When building a white-labelled product, it’s a value addition to have this figure configurable.
Going further, we’d love to see the option for a session-based MFA, that also expires with inactivity timeout.
Right now, the configurable inactivity timeout applies to the entire login session. Best is to persist 1FA (long lived login) but prompt for MFA on inactivity timeout or backgrounded session etc.