This plugin lets you remember your web browser after a successful login. This trusted browser can then be used to skip the entire authentication, or just bypass second factors.
Only allow members of a certain group to remember their browsers
inGroup('trusted_users')
Only allow registering a trusted browser from a certain network
inSubnet('10.0.0.0/8', '192.168.0.0/16')
Only allow remembering the web browser if the authentication was strong enough
$authenticationLevel >= 4
You can use the $_trustedBrowser
session variable in 2FA rules, for example, as a TOTP activation rule
has2f("TOTP") and !$_trustedBrowser
means that TOTP will not be asked for trusted browsers