Honestly I'm sorry but even internally with the power that the VSA has, I completely agree with their decision to require 2FA...

I would agree that 2FA needs to be enforced, but I would like to see them get the 30 day remembered device options working and or add some other authentication options like SAML.

Forget just 30 days. How about simply a trusted device?

I would prefer integration with O365 MFA, just because i could event control the authorizations easily with Azure.

I guess you don't use backup either on your devices because your network is impenetrable. Not the 1st MSP getting hacked.

The on-prem setup for remember devices will let you select 'Never Ask Again' but they have some issues/bugs with that to work out. Our current 30 day setting only lasts about 1 day.

cshockley

We have not received negative feedback regarding this.  If there are suggestions to our native/passly 2FA functionality with VSA, we definitely welcome that.

Sometimes it remembers me most of the time not. I can log out of a PC, come back an hour later and I am asked to authenticate again even if I check remember me.

I have 17 (just counted them) different accounts that require 2FA. It's become a way of life. Sure, it's an extra step, but I much prefer doing 2FA than explaining to the FBI, a hired cyber-security team, and Executive Management  that reason I didn't have mandatory 2FA  setup was because I was lazy.  Don't *ever* assume your K server is totally secure because your smarter than some genius, state sponsored threat actor. Be humble. It will serve you better.