Remember 2FA for 2 days

Operating system | Rocky Linux 9.8
Webmin version 2.641
Usermin version 2.540
Virtualmin version 8.1.0 Professional
Authentic theme version 26.41.1

Hi Team

I know that I can modify the login info timeout via webmin > config > authentication > inactivity timeout (currently set 24hrs)

But is there a way to set the 2FA token to a longer period e.g. 2 days ?

No, that would defeat the idea of OTPs, which are short-lived.

That’s mixing up two different things.

The 2FA token is short-lived (and we can’t control that, it’s part of the protocol), but OP means that they don’t want Webmin to ask for 2FA every day. That’s an entirely reasonable request! Most software, like GMail and the like, gives the option to not ask again for 30 days.

I don’t think implementing that makes much sense, since most password managers these days handle both without issues.

Also, why even log out in the first place? On a trusted browser/machine, there’s no real need to sign out. And if the browser/machine isn’t trustworthy, allowing 2FA to be skipped for a month wouldn’t be secure at all. The whole idea doesn’t really add up.

What would really help is adding support for passkey authentication. @Jamie and I both have this on our to-do list as far as I know. I had planned to dig into it but never got around to it. Once we get Virtualmin 8.2.0 out the door and I finish up the Cloudmin 10 release, I’ll tackle it…

Yes that’s what I was thinking about. It is a trusted browser and machine, so would love to use my password manager to log me in and remember me for a longer period. But what’s the best way to set it up to stay logged in or not ask again for say 7days. As you say, many providers offer that now.

My password manager does remember the password of course, but does not handle remembering 2fa, if that’s what you mean?

If the browser/machine isn’t trustworthy, there is no security.

Have a look at the options on the “Webmin ⇾ Webmin Configuration: Authentication” page, as those are the exact ones that should be considered to address the problem you’re having.