We enabled two factor authentication for all our users, but noticed that when you login and type in your 2FA code there is an option to "remember this computer". If a user checks this, they are never asked for 2FA if they're logging in on the same device. This essentially allows the user to disable 2FA. The "remember this computer" option should be removed or at least require users to do 2FA authentication every 24 hours.