Two-Factor Authentication


OTP Delivery Method Selection for Two-Factor Authentication (2FA)

OTP Delivery Method Selection

Zenople’s Two-Factor Authentication (2FA) has been enhanced to let users choose their preferred OTP (One-Time Password) delivery method: Email, SMS, or Both. The method is set up at the company level (moved from the tenant level) via the “TwoFactorPlatform” option property (default: SMS). When "Both" is selected, users are prompted to choose their preferred method during the login process. If "Email" is selected as the sole option, the OTP is automatically delivered to the user’s registered email address. This functionality improves both accessibility and user experience.

To ensure security and prevent misuse, a resend cooldown is enforced, which is shorter than the OTP expiration time. All resend attempts are logged along with the user’s IP address, browser, and user ID to support monitoring and auditing efforts.
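
A sketch of the resend cooldown and audit logging described above, added here as an illustration and not Zenople's own code. The class and method names, the 300-second expiry, the 60-second cooldown, the log record layout, and the choice to log denied attempts as well as allowed ones are all assumptions; the page specifies none of them.

```python
import time
from dataclasses import dataclass, field


@dataclass
class ResendGate:
    """Per-user OTP resend limiter with an audit trail (hypothetical names)."""
    otp_ttl: int = 300    # assumed OTP lifetime in seconds; not from the page
    cooldown: int = 60    # assumed resend cooldown in seconds; not from the page
    last_sent: dict = field(default_factory=dict)   # user_id -> time of last send
    audit_log: list = field(default_factory=list)   # one record per attempt

    def __post_init__(self):
        # The page's constraint: the cooldown is shorter than the OTP expiration.
        if not 0 < self.cooldown < self.otp_ttl:
            raise ValueError("resend cooldown must be shorter than OTP expiration")

    def request_resend(self, user_id, ip, browser, now=None):
        """Return (allowed, seconds_to_wait) and log the attempt either way."""
        now = time.time() if now is None else now
        last = self.last_sent.get(user_id)
        # Keyed on user ID, so switching IP or browser does not reset the timer.
        wait = 0 if last is None else max(0, self.cooldown - (now - last))
        allowed = wait == 0
        if allowed:
            self.last_sent[user_id] = now
        self.audit_log.append({
            "ts": now, "user_id": user_id, "ip": ip,
            "browser": browser, "allowed": allowed, "retry_after": wait,
        })
        return allowed, wait

    def denied_count(self, user_id, window, now):
        """Denied resends for a user in the last `window` seconds (for alerting)."""
        return sum(1 for e in self.audit_log
                   if e["user_id"] == user_id and not e["allowed"]
                   and 0 <= now - e["ts"] <= window)


if __name__ == "__main__":
    gate = ResendGate()
    # Constructed sample requests (documentation IP ranges, made-up browsers).
    for t, ip, ua in [(1000, "203.0.113.5", "Firefox"),
                      (1030, "198.51.100.7", "Chrome"),
                      (1060, "203.0.113.5", "Firefox")]:
        print(t, gate.request_resend("user-42", ip, ua, now=t))
```

Counting denied attempts per user from the audit records gives a simple signal for monitoring repeated resend requests.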

Device Recognition for Trusted Browsers

Zenople also supports browser-based device recognition through the “TimeOutIntervalForRememberedDevice” option property, which defaults to 30 days. When users select the "Remember this Device" option during login, the system stores their browser information, allowing future logins from the same browser to bypass the 2FA prompt within the specified timeframe. Multiple browsers can be remembered independently.

During the initial login from a new browser, users are required to complete 2FA and will also receive a login verification email—regardless of the selected OTP delivery method. Once the browser is recognized and remembered, both the 2FA prompt and login verification email are suppressed for subsequent logins from that browser for the duration of the configured timeout period (default: 30 days).