Foreword
Not sure where else to post, did some digging, did not find matching threads or issues. If wrong here, please advise. This is meant as scratchpad and shall spark discussion on the best way to do it – and hopefully draw attention to some devs that like to implement the idea. (I’m no dev.)
Situation
I use multiple Nextcloud instances (own and managed by others) and on each of them, I use multiple 2FA. I prefer U2F/FIDO2, but only on my PC. So I turn on multiple 2FA ways (like U2F+AppNotifications, or even “all”, like U2F+TOTP+AppNotifications+E-Mail+SMS). Today, the login workflow is many entries and clicks.
Concerns
- I’d like to have an option for my 2FA to be remembered even if I log out (as long as my cookies aren’t deleted).
- Upon login, I want to avoid the additional step to choose which of those 2FA methods to use. I’d rather use the last one used, or the one configured as default.
Proposals
- Provide a means to configure if 2FA shall be remembered independent from user logout.
- Provide a means to select whether users shall always select or always be presented with the method configured as default or method from their last login. This may be an admin setting or a user setting (or both).
- Modify the Twofactor flow in such a way that (after username/password login) the user is presented with a (configured, see above) method directly, and the ability to call the selector dialog (which currently is presented as soon as there is more than one option apart from Backup codes).