1

I implementing a web application using laravel framework. I used twilio /Authy 2FA for adding an extra layer of security for users to make login their account. Authenticate with email and password they are asked for OTP to login, that is working fine. But now I want is their any solution for my problem- "If user login using 2FA then , they are not required OTP to next login for one month on same device. Means I did not want every user requested for OTP on every login from same device, and want also stores thier trusted device". please suggests me solution.

Is their any third party library or api that provide soltion of this problem.

Thank you

Lokendra Parihar
  • 121
  • 2
  • 13

1 Answers1

0

Authy developer evangelist here.

If you want to avoid users having to 2FA every time they log in then you'll want to drop a cookie that signifies that the user trusts this device. You can make the cookie live as long as you want, 30 days is probably a good idea here.

Then, when the user is logging in, check for the existence of the cookie, if it is there then there is no need to 2FA again. If the cookie isn't there, then present the 2FA flow.

Let me know if this helps at all.

philnash
  • 70,667
  • 10
  • 60
  • 88