0
Audit Your Trusted Device Lists for Greater Security | Computer Hardware

Audit Your Trusted Device Lists for Greater Security | Computer Hardware

One of the ways companies protect sensitive account information is to remember the devices you use to log in as “trusted devices” or “authorized devices.” Those logins will usually be secured by two-factor authentication or some other mechanism that guarantees that the device is being used by you, its owner. Subsequent logins from these devices can be easier for you by requiring only a username and password, and trusted devices can automatically obtain two-factor authentication codes. This is how Apple makes sure you're who you say you are when you log in to your Apple ID on a previously unseen device.

While trusted devices can help increase your security, they can also decrease it. If an attacker gains access to one of your trusted devices, they'll have a better chance of breaking into your accounts or masquerading as you when setting up new accounts. As a result, it's important to occasionally audit your trusted devices and make sure you still control them all. The first time you do this, you may be surprised to find that the Mac you last used years ago can still receive Apple ID verification codes. Removing unused trusted devices from an account makes it more secure without any downsides.

We can't provide a comprehensive list of services that track trusted devices, but many of you use two high-profile ones: Apple and Google. Also, most password managers for online accounts also rely on trusted tools—we'll look at 1Password here, but if you use another password manager, check its settings to see if It maintains a list of trusted devices.

Remove trusted Apple devices.

Apple gives you access to a list of all your current Apple devices in System Settings > your name On a Mac and in Settings > your name On iPhone and iPad. (You can also log in appleid.apple.com(Click Sign-in and Security in the sidebar, and click Account Security.) Some of the devices shown may not be trusted devices—not much to worry about with HomePod, and some older Macs may not be able to log in. are Click or tap on any device to learn more about it—the 27-inch iMac in the screenshot below is trusted and can receive Apple ID verification codes.

Unfortunately, Apple doesn't display the date the device was last used, which can help identify older devices. So look for any devices you don't immediately recognize in use—especially Macs, iPhones, and iPads—and remove them from your account. Don't worry about accidentally removing a device you use — at worst, you'll have to sign in to your Apple ID again the next time you use it.

Remove trusted Google devices.

You can quickly load a list of trusted Google devices by logging in to your Google account. myaccount.google.com/device-activity. To navigate there manually, go to your Google Account. myaccount.google.comClick Security in the sidebar, scroll down to find the Your devices tile, and click Manage all devices. Google says it only tracks sessions (whenever you sign in) on trusted devices for 28 days, but the sessions shown on “unknown devices” below are much older than that. Google helps by showing the location and date of most sessions.

Click a session to learn more about it, including the date you first signed in to that device. For devices you no longer use, click Sign out to remove access to your Google Account.

Remove trusted 1 password devices.

To remove old trusted devices from 1Password, start by logging into 1Password.com, clicking your name in the top right, and selecting My Profile—you can also go directly to it. my.1password.com/profile. As you can see, 1Password provides information about each trusted device and browser, showing its IP address, location, operating system version, and last access time.

It's easiest to click Deauthorize inactive devices, at which point 1Password will ask if you want to deauthorize all devices that haven't been used in the last 60 days. If you prefer a more targeted approach, click the gear next to the device or browser you want to remove and click Deauthorize Device in the dialog that appears.

Again, the only downside to deauthorizing a device you're still using is that you'll have to log in with 1 password again.

After you've audited your Apple, Google, and password manager trusted devices—and any other accounts you may have that maintain such lists—there's no need to recheck immediately. Once a month or once a quarter will be enough for most people.

That said, if you ever notice any unusual account activity, check your trusted device lists to make sure you recognize everything. If there is a device that you do not recognize or a device that was used in an unfamiliar location or at a time when you were otherwise occupied, remove it immediately and change the service password. do

(Featured Image by iStock.com/Ildo Frazao)

About the Author

Leave a Reply