Re-challenging users
You can configure the addon to re-challenge users after a period of time.
This is particularly useful when users use Statamic's "remember me" function.
After a given number of minutes, users will be prompted for a new two factor code. Until this challenge has been successfully completed, users will not be able to access the Control Panel.
User experience comes first
The last thing we want to have happen is uses to lose work - maybe they've been working on a large entry. We don't want them to hit "save" and lose their work because of a re-challenge attempt.
To work around this, POST/PATCH requests do not trigger re-challenge attempts.
This means that while a user has a view open (such as editing an Entry), they can keep that view open, and click Save without being interrupted. However on their next page reload (such as a GET request) they will be prompted to re-challenge.
This does mean that the validity period may be exceeded in certain cases - so instead of every hour, maybe it will be 61 minutes if their next action is a POST save. At this time though, any Statamic actions that attempt to load information (such as loading assets or browsing links) will not load. However the Save action will, so users should save, re-challenge, and then continue.