In addition there should be an admin setting to enable "Remember me for 30 days" So the super paranoid admins dont get angry at you and can force 2FA every time for their users. I'm not worried about a hacker logging in from my computer. 2FA (for me) is about password leaks and brute force. Hackers logging in other locations that are not trusted.

I'd also like to see support for push services. Duo, Okta, Microsoft Authenticator. I dont mind 2FA every time if I can just hit approve.

Yes I agree! While I do appreciate the security, I do find it inconvenience to re-enter the code everytime I log into Mailgun so ended up disabling 2FA in favour of convenience using strong password.

Would be great if Mailgun's 2FA can use similar approach used by Facebook and Google Accounts by requiring 2FA after initial login. After login, no need to enter 2FA code again each time unless user completely logout from the system by clearing out the saved password in browser. Or at least request 2FA code once every 30 days.

Yes, this is normal practice with 2FA and it's very inconvenient to have to enter to code every time I want to log in.

It would be nice if 2FA remembered my browser so that I don't have to do it every single time I log in. That's how it works with Gmail and most other services that I use 2FA with. Having to use 2FA every time I log in is inconvenient enough that I won't use it here. At least twice I've configured it and turned it back off because it's such a hassle.

And since I have to log out and log in with a different email address for every single client that I help with mailgun, I need to log out and in with some frequency. (I can't remember if my log in times out so that I'd need to deal with 2fa every day.)

Another option would be to support Yubikey so that I could just push a button to log in.