Trusted devices — skipping the second factor on devices you sign in from regularly

When you complete a 2FA challenge, Turtini gives you the option to "Trust this device for 30 days". Checking that box stores a long-lived cookie on your browser and skips the second factor for the next 30 days on that exact device + browser combination.

When the trust prompt appears:
• Right after a successful TOTP or passkey challenge, on the same screen as "Sign in".
• An optional checkbox below the code field. Default is unchecked.
• Only shown on devices that haven't already been trusted within the last 30 days.

What "trusted" means in practice:
• On this browser, on this device, signed into this Turtini account — you skip the 2FA challenge entirely on next sign-in (you still type your password or use Google).
• Switching browsers, switching devices, or switching accounts each require a fresh 2FA challenge. Trust is scoped to one (browser, device, account) tuple.
• Clearing cookies removes the trust cookie. The next sign-in will re-challenge.

When trust is forced to expire early:
Trust auto-expires after 30 days. It can also expire sooner if any of these happen:
• You change your password or remove a 2FA factor.
• A security event fires on your account (sign-in from a new country, suspected compromise, etc.).
• You revoke the device manually (see below).

Reviewing and revoking trusted devices:
1. Settings → Two-factor authentication → Trusted devices.
2. The list shows each trusted device by browser + OS + city (best-effort) and the date it was last used.
3. Click "Revoke" next to any device to immediately invalidate that trust cookie. The next sign-in from that device will require a fresh 2FA challenge.
4. Click "Revoke all" to invalidate every trusted device at once — useful if you suspect any account compromise or if you want a full audit.

When NOT to trust a device:
• Public, shared, or borrowed computers (a friend's laptop, a hotel business center, an internet café) — anyone using that machine after you would inherit the trust.
• Devices you're about to sell, donate, or return.
• A new device you're testing — wait until you're confident it's yours to keep.

Recommended pattern:
• Trust your everyday laptop and phone — saves 30 seconds per sign-in.
• Don't trust a borrowed or shared device — type the code each time.
• Once a quarter, glance at Trusted devices and revoke anything you don't recognize.

Trusted devices and shared accounts:
Turtini doesn't support shared accounts (one set of credentials used by multiple humans). If a teammate is regularly signing into your account, give them their own org membership and credentials instead — the trust model assumes one human per account.