Guide: MFA Trusted Devices
How remembered devices skip MFA for bounded periods and how to revoke them.
- Users can choose Remember this device when verifying MFA challenge.
- Trusted-device cookie is HttpOnly and expires by policy (default 30 days).
- Revoking a trusted device forces MFA on next sign-in for that device.
- Disabling MFA revokes all trusted devices automatically.
- Review device list regularly in Account security panel.