Unsurprisingly, CAPTCHAs were the most desired change.
Which we did! You should hopefully now only need to entire them 0-1 times per device and it'll remember. (Might need to enter again if you get pwd wrong.)
Conversation
let people generate an API-type key on desktop and then on mobile app scan the qr code and then session stays active. no need to remember pw or do any 2fa
1
1
Replying to
That's pretty reasonable, though when people are using mobile I'd guess they're not near desktop?
2
thats why the session persists, it's a one-time thing (ideal to let some1 manage sessions in desktop too)
1
can also set a lock-gesture on the app so that you're not insecurely leaving session naked in open but require gesture to re-enter