Typically a user selects a checkbox like Trust this device for future logins because he or she wants to minimize the number of times they have to deal with two-factor authentication. Needless to say, that’s the whole idea behind trusted devices in the first place.
Nevertheless, it’s possible that a user might want to “untrust” a device and, by doing so, reinstate two-factor authentication. Depending on how you look at it, that’s a problem: there’s no way to deselect the Trust this device for future logins checkbox. In fact, after you’ve trusted a device you won’t see that checkbox again (at least not until the two-factor TTL has expired). Similarly, you can’t untrust a device by updating your user profile: user profiles don’t have anything to do with trusted devices.
As noted elsewhere, however, one of the ways that Hosted Login identifies a trusted device is by using cookies. If a user really wanted to untrust a device they could do this:
- Make an authorization request and go to the Hosted Login sign-in screen.
- Delete all the cookies associated with the sign-in screen.
That retriggers two-factor authentication and results in the following:
That said, we don’t recommend that users do this: deleting all your cookies will also make it impossible to log on to the site, at least at that particular moment. (To log on you’ll need to start over and make a new authorization request.) However, it’s useful to know how the trusted device process works. This knowledge can aid in troubleshooting as well: if a user wonders why his or her device is no longer trusted, asking if they’ve recently deleted all their cookies is a good place to start.