IT Connect
Your connection to information technology at the UW

Use the “remember me” option

Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It’s safe to use on trusted computers, and lasts for 30 days.

Recommended use

Use “remember me” on trusted computers

The “remember me” option is safe to use on computers and devices that you can trust to protect your browser. Examples include managed workstations at work, lab computers that require you to sign in, as well as personal computers, laptops, tablets, and mobile devices that protect your browser from use by others.

Do not use “remember me” on public or shared computers

The “remember me” option shouldn’t be used on computers and devices that don’t protect your browser, such as public or shared computers, and computers you don’t sign in to and cannot lock to protect your browser.

Frequently asked questions

What is the “remember me” option?

The “remember me” option is a feature of the UW Identity Provider (idp.u.washington.edu) that tells your browser to remember that you have confirmed your identity using your 2FA device. If you select this option, you won’t have to use your 2FA device as often on that browser. For example, if you use it on your computer at work, it reduces how often you have to sign in with 2FA at work; but your laptop at home will still ask you to sign in with 2FA.

Why would I want to use it?

The “remember me” option saves you time and reduces distraction by reducing how often you have to use your 2FA device. If you routinely use the Duo callback method, it also saves the UW money in telephony costs.

Is “remember me” safe? Doesn’t it defeat the purpose of 2FA?

The “remember me” option is safe to use on computers and devices that you can trust to protect your browser. It doesn’t defeat the purpose of 2FA because the convenience it provides is limited to each computer and browser that you choose to use it on. If you or anyone else tries to sign in with your UW NetID on a different computer or browser, 2FA will be required.

Where is “remember me” displayed?

The “remember me” option is displayed by the UW Identity Provider (idp.u.washington.edu) when you sign in with UW NetID on the web. On most browsers, it is represented as a checkbox that says “Remember me on this browser”.

Refer to How to sign in with 2FA for instructions on using the “remember me” option within the context of the overall sign-in experience.

Is the “remember me” option used for Microsoft sign-in?

No, when you sign in with UW NetID using Microsoft sign-in (e.g. for UW Office 365) it does not use the UW Identity Provider and its “remember me” option. Instead, Microsoft sign-in displays its own “stay signed in” option.

How long does it last?

The “remember me” option lasts 30 days. It saves a secure cookie on your browser to track the time until you need to use your 2FA device again.

Why is the “remember me” duration 30 days?

30 days is the current “remember me” duration because it is often enough to remind you that 2FA is turned on, but not so often to be annoying. While some institutions use shorter or longer durations, 30 days is a common duration at peer institutions.

How do I clear it on my current browser?

If the “remember me” option is enabled on the browser you’re using right now, go to idp.u.washington.edu/forgetme to clear the “remember me” option. To clear it on other browsers, repeat this process on each of them.

How do I reset it on a browser I no longer control?

If you enabled the “remember me” option on a browser you no longer control, contact UW-IT to have us reset it for you. This will clear it on all your browsers, including those you no longer control. Once it has been reset, you can enable it again on your current browser(s).

Note: if your computer is lost or stolen, and it is set up as one of your 2FA devices (for example, you use a tablet or smartphone for browsing and for Duo push notifications), refer to lost or stolen 2FA device for additional help.

How do I use “remember me” with Duo’s automatic “Send me a push” and “Call Me” methods?

If you have configured Duo to automatically send you a push notification or call you, the Duo screen and the “remember me” checkbox will be displayed in your browser until you approve the push or answer the call.  Just check the “remember me” box before completing the push or phone call.

Troubleshooting

I’m using the “remember me” option, and I still have to use my 2FA device more often than every 30 days. Why is that?

Some system owners require you to reauthenticate with 2FA every time you access their systems, regardless of your use of the “remember me” option. This can increase how often you have to sign in with 2FA. Other contributing factors include how many different computers you use, how many different browsers you use on these computers, whether or not you use the “remember me” option on all of them, how your browsers are configured to use cookies, and how often you clear your browser cookies.

Why do some system owners override the “remember me” option and reauthenticate me every time I sign in?

System owners decide to reauthenticate you based on what institutional and personal data they need to protect, and what threats and risks they need to guard against. Some of them reauthenticate you because they are concerned about unauthorized access from unattended browser sessions, and forcing you to reauthenticate is one way to reestablish that it’s really you.

Why isn’t the “remember me” option working for me? Are there things that prevent it from working correctly?

The “remember me” option requires the use of browser cookies, so it may not work as expected in these circumstances:

  • You cleared your browser cookies
  • You started using a different browser
  • You started using a different computer or device
  • You are using a private browsing mode
  • You disabled use of browser cookies
  • Your browser doesn’t allow cookies to be saved
  • You use a browser extension that blocks cookies
  • You are using 2FA with Microsoft sign-in, which has its own “stay signed in” option — learn more
Last reviewed July 16, 2020