Stravax Engage recognizes the devices you've signed in from before. From an unfamiliar one, it asks you to prove it's really you: your two-factor code if you have that turned on, or a one-time code emailed to you if you don't. Your password is always required too, on every device, trusted or not.
| Situation | What you're asked for |
|---|---|
| New device, 2FA turned on | Your authenticator code or a backup code |
| New device, 2FA turned off | A 6-digit code emailed to you, valid for 10 minutes |
| A device you've already trusted (within 30 days) | Just your password |
| Signing in with Google | Google's own verification, no extra code |
Ticking it sets a 30-day marker tied to your account and that browser. On a device you've trusted, you skip the code step next time, your password is still checked every time regardless. Stravax Engage also emails you whenever a device gets trusted, so you'd notice if it wasn't you doing the trusting.
Open Profile and find the Trusted devices card. Each entry shows a label like "Chrome on Windows," when it was last used, and when its 30 days run out. Remove a single device from there, or remove every device except the one you're currently on. Removing a device means it has to verify again the next time it signs in.
Yes. Changing your password revokes every trusted device at once, including the one you're using right now. You'll be asked to verify again the next time you sign in, anywhere, and can mark devices as trusted again afterward. This is deliberate: if someone else had your password and a trusted device, a password change alone should still lock them out.
No. Signing in with Google skips this check, since Google has already confirmed you control that email address, see sign in with Google.