2FA UX Enhancements - Push support and "Trust this device"

[square_eyes]

Quality of life 2fa feature request...

Checkbox to "Trust this device"

Ideally also support push 2fa confirmation to major authenticator apps, though I gather that's significant complexity.

 

[square_eyes]

Any thoughts on this one? I'm entering OTP far too often.

 

[square_eyes]

(and I have arthritis)

 

[Johannes S]

The right place for feature requests is https://bugzilla.proxmox.com
Edit: Typo

 

[proxuser77]

If the web UI is publicly accessible (which is probably a bad idea in the first place), none of your suggestions are a good idea, imho. If it is only locally accessible, and only you or very few people you trust need access, you could consider leaving 2FA out altogether.

If a lot of people have access, either live with it, or hand out hardware tokens and use WebAuthn, or use a password manager like Bitwarden, which can also store TOTP tokens, because all other "easy to use" 2FA solutions like email, push, SMS, or workarounds such as “Remember me” are potentially insecure.

Alternatively, manage the authentication yourself with an OIDC provider such as Authentik and thus offer your users a secure (or less secure depending on your configuration, you decide) SSO solution.

 

[square_eyes]

Thanks, yes I got sick of entering OTP and implemented Webauthn. I had to also implement a valid ssl cert but it was worth it.

Bitwarden is Webauthn client and triggers flawlessly as 2fa. I'd prefer it be 1fa, like Gmail. So there is still a user/pass login but it's just an extra click as Bitwarden handles that as well.

 

[UdoB]

Off topic:

The right place for festiäure requests

We have 2025 and most people trust LargeLanguageModels for important decisions. At the same time auto correction of stupid typos is an unsolved problem.

Interesting times... :-(