0
Not a bug

trust this device removes 2 factor authentication security.

mhighsmith 3 years ago updated by Ben Burner 3 years ago 9

Need a way to remove / disable this feature because it removes 2 factor authentication security. Version 6.3

ConnectWise Control Version:
19.3
Server Affected:
Host Client Affected:
Guest Client Affected:

Answer

Answer
Not a bug

Good morning,


You can disable "trust this device" functionality in 6.3 by setting the value of TrustDeviceExpireDays in your web.config to 0 (the default is 30):


<add key="TrustDeviceExpireDays" value="0" />

Once this value is set to 0, all otp users will be required to enter a one-time password every time they log in, regardless of whether or not they select "Trust this device".


Regards,

Ben

Answer
Not a bug

Good morning,


You can disable "trust this device" functionality in 6.3 by setting the value of TrustDeviceExpireDays in your web.config to 0 (the default is 30):


<add key="TrustDeviceExpireDays" value="0" />

Once this value is set to 0, all otp users will be required to enter a one-time password every time they log in, regardless of whether or not they select "Trust this device".


Regards,

Ben

thanks for the information

Every time I login, I have to do TFA login, even if it's within 24 hours. 'Trust this device' doesn't work.  And this is for Firefox. Regardless of what PC I am.


Checked my TrustDeviceExpireDays. It is set to 30.


Drives me nuts.

Good morning,


On what version of Control are you experiencing this behavior? Which TFA provider are you using?


Regards,

Ben

Version 6.4.15361.6527.  TFA client I use is Authy - but that shouldn't make a difference.

This has been happening every since I joined, so I don't think the version number has had any effect either.

So you're using Authy + Google TFA? I was unable to reproduce this behavior in our dev environment. Are you using a cloud instance of Control or are you using an on-premise install? If on-premise, what OS are you using to host Control?


Cheers,

Ben

Cloud Based. Just a basic standard setup - I joined earlier this year and haven't really customized much at all.

Yep, using Authy - not sure how Google TFA comes into play, if at all.


Maybe I'll try disabling TFA and re-enabling it.

Sam,


Thank you for providing an update. Can you confirm you're attempting to log into your instance of Control as the Cloud Account Administrator? We previously registered an issue where the "Remember this Device" functionality doesn't work if a user attempts to log into a cloud instance using their Cloud Account Admin credentials with TFA. The issue should be resolved in the next release of Control.


In the meantime, you can set up a TFA-enabled internal user on your Control instance instead of signing into instances as Cloud Account Admin. More info on setting up TFA for internal users is available here:


https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Enable_two-factor_authentication_for_host_accounts


Regards,

Ben

I think I figured it out.

I was using my bookmark of https://[instance/name].screenconnect.com/Login?ReturnUrl=%2fHost open the site. Using this forces TFA every time.


However, this URL https://cloud.screenconnect.com/#/ does not seem to force you to TFA every time.

However, by using this URL, it's a few extra clicks to get to my sessions.



Commenting disabled