2 factor auth doesn't mean much if I can bypass it
October 8, 2019 8:47 AM   Subscribe

How do I force Google to ask for 2 factor authentication again on a known browser?

I briefly logged into my Google account on a work computer and went through 2 factor auth. I finished what I was doing and logged out assuming that it would force 2FA again so even if my employer is logging my passwords they still can't get into my account. I just logged in again and realized that since this is now a known browser Google bypasses 2FA. How do I log out more fully so Google requires 2FA on this browser again? I guess I can delete my cookies, but isn't there a "forget this browser" option?
posted by Tehhund to Computers & Internet (9 answers total) 1 user marked this as a favorite
There is -- I think if you go to myaccount.google.com/security and scroll down a bit, you'll get to a list of "your devices." You can delete any remembered device (including the one you're on right now) from it.
posted by tapir-whorf at 8:52 AM on October 8 [2 favorites]

Unfortunately that doesn't work - I signed in to Gmail, closed the browser, removed the device from that page, then opened the browser and signed in again. I had to re-enter my password, which is good, but it didn't ask me to repeat 2FA.

Testing this makes me realize there's a "don't ask again on this computer" checkbox on the 2FA page so as long as I get that right when I sign in I'm set. But if I get it wrong it seems there's no way to un-trust a browser except clearing cookies.
posted by Tehhund at 9:31 AM on October 8

If you use an Incognito tab for your email it should clean up after itself when you're done.
posted by bitdamaged at 9:36 AM on October 8

When you log out of your Google account, it gives you an option to "Remove an account." If you do this, the next time to try to access your Google account, you will need 2FA to log in. (I do this at work with Safari.)

EDIT - well, hold up. This used to work and does NOT anymore.
posted by roger ackroyd at 10:02 AM on October 8 [1 favorite]

I'm not positive that clearing the cookies will resolve this but if it does, why not just clear the cookies? In most browsers you can search for cookies that contain "google" and just delete those.
posted by 2 cats in the yard at 10:03 AM on October 8

I think this is it:

In the security link above if you click the 2-Step Verification button, put in your password again, then on the next page at the very bottom under "Devices that do not need a second step" click "revoke all."
posted by bluecore at 10:06 AM on October 8

Thanks for all the thoughts. Clearing cookies works to force 2FA again.

search for cookies that contain "google" and just delete those

Unfortunately I don't see a way to do that in Chrome. I can clear cookies for different timeframes, which is nice, except since I signed in a while ago that means signing out of lots of work-related sites that I've signed into since then. Not the worst thing in the world but it would be nice to just clear cookies for google.com and not have to sign in again to other sites.
posted by Tehhund at 10:39 AM on October 8

Hm. It's fairly buried. This is what I just found, poking around my own version of chrome. This is on a mac but I think it would be the same on a PC.

Go to Settings (in chrome)
Go to Site Settings (last item on the page)
Go to Cookies and Site data (near top)
Go to See all Cookies and Site Data (near top)
Search this page for google (or whoever's cookies you want to delete) and then click on "remove all shown" near the upper right.
posted by 2 cats in the yard at 11:33 AM on October 8 [2 favorites]

Possibly speedier cookie deletion: If you click the lock icon to the left of the url and select "Cookies" from the dropdown, it will open a window showing just the cookies in use for the current webpage and allow you to remove them from there.
posted by gennessee at 9:06 PM on October 9 [1 favorite]

« Older Help me remember this book?   |   Am I wrong to consider this orthodontist's billing... Newer »

You are not logged in, either login or create an account to post comments