It is great that we have 2FA available for all Mastodon users - Definitely needed!
However, we all have to deal with many MFA requests every day throughout our digital lives, which for some of us creates MFA fatigue.
To ease the burden on everyone and boost MFA adoption, I’d like to make the following suggestions:
1. Remember a trusted browser for 30 days
To implement this you’d need to put a cookie with some crypto on the browser and keep track of it on the server, so that the user can declare a browser as not trusted anymore.
2. Allow the user to add trusted IPs
Many of us log in to Mastodon from places where we often are (like our workplace) that have a static public IP. It would be fantastic if the user could add IP addresses to the list of trusted IPs, so Mastodon doesn’t ask for 2FA when the user logs in from that IP.
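A sketch of the mechanism suggestion 1 describes, as an added example that is not part of the original post and not Mastodon code: an HMAC-signed cookie bound to the user, plus a server-side record so a browser can be un-trusted. The class and method names are hypothetical, and the in-memory hash stands in for a database table.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper: remembers browsers that have passed 2FA.
class TrustedBrowsers
  TTL = 30 * 24 * 3600 # 30 days, as in the suggestion

  def initialize(key)
    @key = key # server-side secret, never sent to the browser
    @devices = Hash.new { |h, k| h[k] = {} } # user_id => { device_id => expires_at }
  end

  # Call after a successful 2FA login; returns the cookie value to set.
  def trust(user_id, now = Time.now.to_i)
    device_id = SecureRandom.hex(16)
    expires = now + TTL
    @devices[user_id][device_id] = expires
    "#{device_id}.#{expires}.#{mac(user_id, device_id, expires)}"
  end

  # True only if 2FA may be skipped for this user with this cookie.
  def trusted?(user_id, cookie, now = Time.now.to_i)
    device_id, expires, tag = cookie.to_s.split(".", 3)
    return false unless device_id && expires && tag
    return false unless expires.match?(/\A\d+\z/)
    return false unless secure_eq(tag, mac(user_id, device_id, expires.to_i))
    stored = @devices[user_id][device_id] # nil once the user has revoked it
    !stored.nil? && stored == expires.to_i && now < stored
  end

  # "Declare a browser as not trusted anymore."
  def revoke(user_id, device_id)
    !@devices[user_id].delete(device_id).nil?
  end

  def devices(user_id)
    @devices[user_id].keys
  end

  private

  # The MAC covers the user id, so one user's cookie is useless for another account.
  def mac(user_id, device_id, expires)
    OpenSSL::HMAC.hexdigest("SHA256", @key, "#{user_id}|#{device_id}|#{expires}")
  end

  # Constant-time comparison of two strings.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a real deployment the cookie would also be set with the `Secure` and `HttpOnly` attributes, and the password check still runs on every login; only the second factor is skipped.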