How “Trusted Devices” Work on Windows 10 (and Why You No Longer Need to “Trust This PC”)
Windows 8 asked you to “Trust This PC” after you signed in with a Microsoft account. This message is gone in Windows 10, replaced with a new “Trusted Devices” system that works differently.
How “Trust This PC” Worked on Windows 8
On Windows 8, you’d see a message asking you to “Trust this PC” after you logged in with your Microsoft account.This was a Microsoft account security feature. Only trusted PCs were allowed to synchronize sensitive data such as your saved passwords. Until you trusted a PC, your saved passwords for apps, websites, and networks wouldn’t synchronize to it. To actually trust a PC, you had to authenticate with a text message, phone call, or email sent to a phone number or email address associated to your Microsoft account.
In this way, the “Trust This PC” method was sort of a second layer of authentication. Microsoft allowed you to sign in with just your user account’s password, but you needed to authenticate with a second credential if you wanted full access to your Microsoft account.
A trusted PC could also be used to reset your Microsoft account password if you ever lost it. You wouldn’t need an alternative email address or a phone number. You could just sit down at a trusted computer and ask Microsoft to reset your password. This feature required the Internet Explorer web browser.
That’s why it was important to only trust private PCs you controlled, not public PCs. Even PCs you shared with other people shouldn’t necessarily have been trusted, as those other people could potentially use the trusted PC to reset your account password.
You could view a full list of trusted PCs on the Security Info page on the Microsoft account management website, removing any individual PCs you no longer trusted. You’d have to enter a name for each PC you trusted, and that name would appear in the list.
In Windows 10, however, all this changed. Microsoft has moved from a “Trusted PC” system that required Windows and Internet Explorer to a “Trusted Devices” system that doesn’t require any particular operating system or web browser.
How “Trusted Devices” Work on Windows 10 (and Other Devices)
Microsoft threw most of the Windows 8 “Trust This PC” design out in Windows 10. You won’t see the words “Trust this PC” or “Trusted PC” on Windows 10. This wording has even been removed from the Microsoft Account website.
When you sign into Windows 10, won’t be asked if you want to “Trust This PC”. Instead, if you’ve set up two-step verification for your Microsoft account, you’ll be asked to authenticate with a code provided to you via an app, text message, or email.
If you can’t authenticate using a secondary authentication method, it just doesn’t let you sign into your account at all. If you can sign in, all your passwords and other data will synchronize normally. You don’t have to “trust” the PC after you sign in to access all your data.
But it doesn’t end there. Even signing in with a Microsoft account and secondary authentication method doesn’t make a PC a “trusted device”.
Certain pieces of data associated with your Microsoft account–like your credit card number or account security settings–are marked extra sensitive. When you attempt to access or edit these details, you’ll be prompted for additional authentication.
For example, if you try to access the Microsoft Account security page, you’ll be asked to authenticate using a two-step verification app or by using a code sent to the phone number or secondary email address associated with your account. This doesn’t just apply to Windows 10. You’ll be asked to authenticate in the same way when accessing this page from a Mac, an iPhone, an Android tablet, or a Chromebook, for example.
You’ll see an “I sign in frequently on this device. Don’t ask me for a code.” checkbox when signing into a secure site like this one. If you enable this checkbox and sign in, Microsoft will make your current device as a trusted device. It doesn’t even have to be a PC–it could be a Mac, a tablet, or a phone.
When you mark a device as a trusted device by checking this box, it simply means that you won’t have to enter one of these codes the next time you access sensitive information–like your credit card number or account security settings–on that device. You should still only trust devices that you sign in on frequently and not check this box if you’re using someone else’s PC.
Head to the Microsoft Account security page, scroll down, and you’ll see a “Trusted devices” section. This section no longer lists the devices you’ve trusted, so there’s no way to tell how many devices you’ve trusted and remove them individually. According to Microsoft, there’s no limit to the number of devices you can trust at once.
Instead, if you’d like to remove one or more trusted devices, you have to click the “Remove all trusted devices associated with my account” link. Microsoft recommends you do this if you’ve lost access to one of your trusted devices–maybe you’ve sold or given away a PC, for example.
After you do this, you’ll have to enter a security code and click the checkbox on any formerly trusted PCs the next time you attempt to access sensitive information.
There’s no longer any way to use a “trusted device” to reset your Microsoft account password, as you could when Windows 8 was released.
Access the Microsoft Account Password Reset page and you’ll be prompted to use typical authentication methods like your email address, phone number, or authenticator app to confirm you’re the person who owns the account. You can freely “trust” devices without worrying they’ll be used to reset your password later.
You can manage which authentication methods are offered when verifying your identity from the Microsoft Account security page.
Any device you can sign into a Microsoft account from can access the same security features, and there’s no confusing “Trust This PC” prompt when signing into Windows 10 with your Microsoft account.
No comments:
Post a Comment