Trusted Devices

Trusted devices may skip some step-up prompts you would otherwise see on new browsers. Revoke trust when you sell, recycle, or lose hardware. Untrusted devices can still access the portal if they pass full authentication.

Registered hardware (3 devices)

Name Type Trust Added Last IP (masked)
Alex’s Windows PC Desktop Trusted 2024-11-02 142.***.***.118
iPhone 16 Mobile Trusted 2025-09-18 99.***.***.201
Work MacBook Laptop Standard 2026-02-01 192.***.***.044

Remote wipe and employer devices

If you use a workplace laptop, your organization may manage encryption and remote wipe independently. Revoking trust here does not erase employer-managed keys. For personally owned phones, enable disk encryption and screen locks before marking the device as trusted.

WebAuthn credentials are bound to origins; cloning trust to a phishing domain should fail if users only enroll on the real site. When retiring a device, remove both trusted status and any stored OTP seeds or password-manager vaults.

Sessions Sign in

Trusted devices — FIDO2, passkeys, and MDM

WebAuthn credentials are scoped to origin and rpId; cloning a key across phishing domains should fail.

Deleting a laptop trust entry should force step-up authentication on next login—unless your threat model allows “remember this device” grace periods.

Mobile device management in enterprises may block personal security keys or require attestation certificates.

Lost hardware keys need recovery plans; users should register more than one factor.

This site is an unofficial interface and is not affiliated with the Government of Canada.

Secure channel · Build 4.19.2 · production-sim