Allow adjustable time for Two Factor Authentication - the default should require the pin to be required at each log in. The current setting is several days between prompts. Alternately this should at least be configurable to per logon, 1 hour, or 1 day etc as this is a security risk two factor authentication is support to mitigate.