How to customise the skip MFA enrolment period from default 30 days to 14 days after initial enrolment?

The requirement is to change the default skip MFA enrolment period (“Remember me for 30 days” period) of 30 days to 14 days.
I tried with the last_login attribute but this got a flaw. The rules are always executed after the password login. So the last login time is always set, even if 2FA is not completed. So a refresh will bypass the 2FA.

function ( user, context, callback ) {
  var FOURTEEN = 14 * 24 * 60 * 60 * 1000;
  user.app_metadata = user.app_metadata || {};

 if (user.user_metadata && user.user_metadata.mfa_enabled) {
 	var last_login = user.app_metadata.last_login;
   
   if(!last_login || last_login < (Date.now() - FOURTEEN )){
   user.app_metadata.last_login = Date.now();  
   auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
     
     context.multifactor = {
     	provider: 'any',
       allowRememberBrowser: false
     };
  }
 }

  callback( null, user, context );
}

Is there a way to change this setting without letting the users bypass the MFA flow?

1 Like