8.0h-10 SurgeWeb - MFA granularity "per browser", so multiple surgeweb sessions the server sees as being on the same IP address will each need to enter a MFA code for added security. Automatically part of g_mfa_nicer 

8.0h-9 SurgeWeb - View all active trust tokens and logged in surgeweb sessions on this account from surgeweb Options - Preferences - Security Settings. MFA Trust tokens ("Trust this browser") and Automatic Login tokens ("Remember me") may be individually revoked (and associated sessions logged out), without access to the computer where the trust token was accepted. Other surgeweb sessions not associated with trust tokens may also be logged out the same way.

8.0h-9 SurgeWeb - MFA code via sms to phone option on the 2FA dialog (g_mfa_backup_sms + requires Twilio integration to be configured)

8.0h-8 SurgeWeb - MFA code via recovery email option on the 2FA dialog (g_mfa_backup_email)

8.0h-8 SurgeWeb - "Trust this browser" tickbox when entering 2FA code to trust this browser for a longer time period (cookie based, typically up to 30 days - g_mfa_webtrust_duration) and / or wider range of ip addresses (g_mfa_webtrust_scope single/country/global)

8.0h-8 SurgeWeb - Redesign of surgeweb login mechanism to fix a few oddities and support extra authentication features above

8.0h-7 Ability to add an application prefix to the 2FA email address as shown in the Authenticator app (g_pass_twofactor_prefix)

8.0h-7 SurgeWeb - The ability to require the use of MFA / 2FA in order to use surgeweb with intuitive ability to enable as part of the login sequence (g_mfa_require)

8.0h-7 SurgeWeb - Major redesign of MFA / 2FA when it comes to surgeweb. A more standard workflow of the 2FA code entry at login time - requested on demand only if needed and without having to re-enter username and password (g_mfa_nicer)