Untrust a device

Typically a user selects a checkbox like Trust this device for future logins because he or she wants to minimize the number of times they have to deal with two-factor authentication. Needless to say, thatโ€™s the whole idea behind trusted devices in the first place.

Nevertheless, itโ€™s possible that a user might want to โ€œuntrustโ€ a device and, by doing so, reinstate two-factor authentication. Depending on how you look at it, thatโ€™s a problem: thereโ€™s no way to deselect the Trust this device for future logins checkbox. In fact, after youโ€™ve trusted a device you wonโ€™t see that checkbox again (at least not until the two-factor TTL has expired). Similarly, you canโ€™t untrust a device by updating your user profile: user profiles donโ€™t have anything to do with trusted devices.

As noted elsewhere, however, one of the ways that Hosted Login identifies a trusted device is by using cookies. If a user really wants to untrust a device they can do this:

  1. Make an authorization request and go to the Hosted Login sign-in screen.

  2. Delete all the cookies associated with the sign-in screen.

Doing that retriggers two-factor authentication and results in the following:

That said, we donโ€™t recommend that users do this: deleting all your cookies will also make it impossible to log on to the site, at least at that particular moment. (To log on youโ€™ll need to start over and make a new authorization request.) However, itโ€™s useful to know how the trusted device process works. This knowledge can aid in troubleshooting as well: if a user wonders why his or her device is no longer trusted, asking if theyโ€™ve recently deleted all their cookies is a good place to start.