Audit Your Trusted Device Lists for Greater Security

ByEmily Dolloff

One of the ways companies protect critical account information is by remembering the devices you use to log in as “trusted devices” or “authorized devices.” Those logins will usually have been protected by two-factor authentication or another mechanism that guarantees the device is being used by you, its owner. Subsequent logins from those devices may be more convenient for you due to requiring only a username and password, and trusted devices may automatically receive two-factor authentication codes. That’s how Apple ensures you are who you say you are when you log in to your Apple ID on a previously unseen device.

Although trusted devices can help increase your security, they can also reduce it. If an attacker were to gain access to one of your trusted devices, they would have a better chance of breaking into your accounts or masquerading as you when setting up new accounts. As a result, it’s important to audit your trusted devices occasionally and make sure you still control all of them. The first time you do this, you may be shocked to see that a Mac you last used years ago could still be receiving Apple ID verification codes. Removing unused trusted devices from an account makes it more secure with no downside.

We can’t provide a comprehensive list of services that track trusted devices, but many of you use two high-profile ones: Apple and Google. In addition, most password managers with online accounts also rely on trusted devices—we’ll look at 1Password here, but if you use another password manager, look through its settings to see if it maintains a list of trusted devices.

Remove Trusted Apple Devices

Apple gives you access to the list of all your current Apple devices in System Settings > Your Name on the Mac and in Settings > Your Name on the iPhone and iPad. (You can also log in to appleid.apple.com, click Sign-in and Security in the sidebar, and click Account Security.) Some of the devices shown may not be trusted devices—there isn’t much to worry about with a HomePod, and some old Macs may not be logged in. Click or tap any device to learn more about it—the 27-inch iMac in the screenshot below is trusted and can receive Apple ID verification codes.

Unfortunately, Apple doesn’t display the date the device was last used, which can help identify ancient devices. So look for any devices that you don’t immediately recognize as being in use—particularly Macs, iPhones, and iPads—and remove them from your account. Don’t worry about inadvertently removing a device you do use—at worst, you’ll have to log in to your Apple ID again the next time you use it.

Remove Trusted Google Devices

You can quickly load Google’s list of trusted devices by logging in to your Google account at myaccount.google.com/device-activity. To navigate there manually, go to your Google Account at myaccount.google.com, click Security in the sidebar, scroll down to find the Your Devices tile, and click Manage All Devices. Google says it keeps track of sessions (whenever you sign in) on trusted devices for only 28 days, but the sessions shown on “unknown device(s)” below are far older than that. Google helps by displaying the location and date of most sessions.

Click a session to learn more about it, including the date you first signed in on that device. For devices you no longer use, click Sign Out to remove access to your Google Account.

Remove Trusted 1Password Devices

To remove old trusted devices from 1Password, start by logging in to 1Password.com, clicking your name at the top right, and choosing My Profile—you can also navigate directly to my.1password.com/profile. As you can see, 1Password provides information about each trusted device and browser, showing its IP address, location, operating system version, and last access time.

It’s easiest to click Deauthorize Inactive Devices, at which point 1Password will ask if you want to deauthorize all devices that haven’t been used in the last 60 days. If you prefer a more targeted approach, click the gear next to a device or browser you want to remove and click Deauthorize Device in the dialog that appears.

Again, the only harm that could come from deauthorizing a device you still use is that you will have to log in to 1Password again.

After you’ve audited your Apple, Google, and password-manager trusted devices—and any other accounts you may have that maintain such lists—there’s no need to check again right away. Once a month or once a quarter would be sufficient for most people.

That said, if you ever notice any unusual account activity, look at your trusted device lists to ensure you recognize everything. If there’s a device you don’t recognize or one that was used at an unfamiliar place or at a time when you were otherwise occupied, immediately remove it and change that service’s password.

(Featured image by iStock.com/Ildo Frazao)

Social Media: We all accumulate “trusted devices” in our Apple, Google, and password manager accounts, but it’s important to remove devices you no longer use because they could be security risks.

Similar Posts

  • Get yourself some Dux

    What is a Dux you ask? Dux is a really great product line from STM and one that we are really excited to begin carrying here at Small Dog. This product line up has cases for your iPad and your computer and for the last week or so I have been testing out the Dux case for Macbook Air.

    My first impression is that it gives my computer a sharp new look. I feel as though my computer is highlighted more in this case. It features a primarily clear case and then a border that comes in an assortment of colors. The one I am using is black and it really looks sharp and sleek on the computer.

    I will be the first to admit that I am not a huge fan of hardshell cases for computers. They do add weight to your computer and they can be hard to put on and take off. However, this case did stand out to me as soon as I saw it and I immediately asked for a sample so that I could test it out. It’s the reinforced border that caught my eye. The plastic is slightly different from that of the clear case and really gives you a feeling of protection for your computer.

    Customers ask me all the time why someone might want a hard shell case, it’s a combination of accessorizing and protection. Hard shell cases are great for those who might like to sticker their computers. You can sticker all you want on a removable case and not damage your computer. For people who bring their computers everywhere it’s a great way to protect them from the dings and scratches that can happen just by pulling your computer in and out, especially those whom might fly a lot. One piece of advice I will give users of hardshell cases is that you still need to remove them! The idea and concept of hard shell cases is to provide added protection to your computer, to keep it looking like new under the case. However, if you don’t remove the case from time to time and clean the case and computer from dust and debris your computer will still get scratches. I have seen countless computers get just as scratched up with these kinds of cases than those without and the cause is always the same: dirt build up. This particular case comes on and off much easier than some others on the market making my recommended occasional cleanings much easier to perform. After all you’ve probably purchased a hard shell case to keep your computer looking new.

    Overall I am very happy with this case, but the biggest test is yet to come. I am flying to Arizona next week for an event with one of our vendors, and I’ll be keeping this case on my computer for my travels. The real test will be if I notice the added weight while making my way through airports, so far I haven’t really noticed the increased weight in my daily travels.

    P.S. Hadley, even if it means burpees and laps in an airport terminal I plan to maintain my lead in our competition. It’s ON!