Use the "remember me" option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It's safe to use on trusted computers, and lasts for 30 days.
The "remember me" option is safe to use on computers and devices that you can trust to protect your browser. Examples include managed workstations at work, lab computers that require you to sign in, as well as personal computers, laptops, tablets, and mobile devices that protect your browser from use by others.
The "remember me" option shouldn't be used on computers and devices that don't protect your browser, such as public or shared computers, and computers you don't sign in to and cannot lock to protect your browser.
The "remember me" option is a feature of Duo that tells your browser to remember that you have confirmed your identity using your 2FA device. If you confirm that "Yes, this is my device" when authenticating with Duo, you won't have to use your 2FA device as often on that browser. For example, if you use it on your computer at work, it reduces how often you have to sign in with 2FA at work; but your laptop at home will still ask you to sign in with 2FA.
The "remember me" option saves you time and reduces distraction by reducing how often you have to use your 2FA device. If you routinely use the Duo callback method, it also saves the UW money in telephony costs.
The "remember me" option is safe to use on computers and devices that you can trust to protect your browser. It doesn't defeat the purpose of 2FA because the convenience it provides is limited to each computer and browser that you choose to use it on. If you or anyone else tries to sign in with your UW NetID on a different computer or browser, 2FA will be required.
The "remember me" option is displayed by Duo when you sign in with UW NetID on the web. After providing your second factor for authentication, Duo will present you with a prompt asking if you would like to have this device remembered for future logins. Selecting "Yes, this is my device" sets the "remember me" status for Duo.
Refer to How to sign in with 2FA for instructions on using the "remember me" option within the context of the overall sign-in experience.
No, when you sign in with UW NetID using Microsoft sign-in (e.g. for UW Office 365) it does not use the UW Identity Provider and its "remember me" option. Instead, Microsoft sign-in displays its own "stay signed in" option.
The "remember me" option lasts 30 days. It saves a secure cookie on your browser to track the time until you need to use your 2FA device again. If your browser clears cookies this will remove "remember me" until you re-select it.
30 days is the current "remember me" duration because it is often enough to remind you that 2FA is turned on, but not so often to be annoying. While some institutions use shorter or longer durations, 30 days is a common duration at peer institutions.
If the "remember me" option is enabled on the browser you're using right now, clear your cookies for duosecurity.com. To clear it on other browsers, repeat this process on each of them.
If you enabled the "remember me" option on a browser you no longer control, contact UW-IT to have us reset it for you. This will clear it on all your browsers, including those you no longer control. Once it has been reset, you can enable it again on your current browser(s). Note: if your computer is lost or stolen, and it is set up as one of your 2FA devices (for example, you use a tablet or smartphone for browsing and for Duo push notifications), refer to lost or stolen 2FA device for additional help.
Some system owners require you to reauthenticate with 2FA every time you access their systems for security, regardless of your use of the "remember me" option (workday for example). This can increase how often you have to sign in with 2FA. If you find you are regularly asked for 2FA on some sites despite the "remember me" option, but not other websites this is likely the cause. Other contributing factors include how many different computers you use, how many different browsers you use on these computers, whether or not you use the "remember me" option on all of them, how your browsers are configured to use cookies, and how often you clear your browser cookies.
System owners decide to reauthenticate you based on what institutional and personal data they need to protect, and what threats and risks they need to guard against. Some of them reauthenticate you because they are concerned about unauthorized access from unattended browser sessions, and forcing you to reauthenticate is one way to reestablish that it's really you.
The "remember me" option requires the use of browser cookies, so it may not work as expected in these circumstances: