What is a trusted device and should I mark mine as trusted?

What "trusted" means

When you tick "Trust this device for 30 days" during 2FA prompt, we save a long-lived encrypted cookie that lets you skip the 2FA step on that exact browser, on that exact device, for 30 days.

Your password is still required on every login — only the 2FA step is skipped.

When to use it

• ✅ Your personal laptop at home that nobody else uses
• ✅ Your personal phone that's locked with FaceID/PIN
• ✅ Your work laptop if you're disciplined about screen-locking when stepping away

When NOT to use it

• ❌ A shared family computer
• ❌ Any public/library/internet-cafe terminal
• ❌ A friend's device ("just for one login")
• ❌ Any device you'd lose-but-not-immediately-notice

Revoking trust

Profile → Security → Trusted devices lists every device you've ever marked trusted, with last-use timestamp.

• Click Revoke to immediately invalidate the trust cookie. Next login on that device prompts 2FA again.
• Revoke all kills every trust cookie — useful if you've sold a device, are at risk of theft, or just want a fresh start.

What happens after 30 days?

The trust cookie auto-expires. You'll be prompted for 2FA on next login. You can then re-tick "Trust for 30 days" if you still want to.

What about cookie clearing?

Clearing your browser cookies (intentional or via a privacy extension) wipes the trust cookie. You'll be re-prompted for 2FA next login. This is intentional.

High-security alternative

For extra paranoid setups: never mark devices as trusted. Always enter 2FA on every login. Adds 5 seconds; eliminates the 30-day attack window.

For the truly paranoid: combine with a hardware key (YubiKey, Trezor) under Profile → Security → Add hardware key. The hardware key tap replaces both the password and TOTP entry for the cleanest secure flow.