Trusted Devices allows users to “bookmark” their private devices. Once a device is trusted, the plugin will remember it, and the user won’t be asked for a 2FA code on that specific device for a set period.
Configuration Settings
As an administrator, you can control exactly how “trust” works on your site:
- Enable Trusted Devices: Use this toggle to turn the feature on or off site-wide.
- Trust Duration: Decide how long a device remains “trusted” before the user has to enter a 2FA code again (The recommended setting is 30 days).
- Maximum Devices Per User: To keep security tight, you can limit how many trusted devices one person can have (The recommended limit is 5 devices).
- New Device Notifications: When enabled, the plugin will send an email alert whenever a new device is added to a user’s trusted list. This is a vital security measure to alert users if someone else has accessed their account.
- Show Remember Checkbox: This adds a “Remember this device” checkbox directly on the 2FA verification page for your users.
Statistics
A quick-glance dashboard shows you the health of your trusted device ecosystem:
- Total/Active: See how many devices are currently recognized.
- Users: The number of unique members currently utilizing this feature.
- Revoked/Expired: Tracks how many devices have had their trust removed or have naturally timed out.
All Trusted Devices
This section lists every trusted device across your entire site. You can see the Device type, the User it belongs to, their IP Address, and when it was Last Used.
- Cleanup: Use this button to manually remove old or expired device data.
- Actions: Administrators have the power to manually “Revoke” any device at any time if a security risk is suspected.
Don’t forget to click “Save Changes” after adjusting these settings
