3

I use Google Chrome at both home and work. On both computers, I've checked the options "Keep local data only until you quit your browser" and "Block third-party cookies and site data". This means cookies are cleared between sessions, so I have to log in again to websites I use such as Gmail.

It happens that my Google account is protected by 2-step authentication. When I log in on a new computer, it asks me to insert my U2F security key: https://support.google.com/accounts/answer/6103523?hl=en

The thing is, when I log in at work, it always asks me "Insert your security key" after typing my username and password. At home, it does not; it remembers my security key somehow. How does Chrome do that? I expected that information would be cleared with cookies when I close my browser. I don't mind, but I'd like to understand why Chrome behaves differently between home and work.

1
  • I'm not sure about the Google process, but usually there are cases where such places/computers are differentiated. Maybe your home computer is marked as a trusted device and, as it is a regularly occurring login, it's skipping it? Are both locations running the same Chrome version? According to this article there shouldn't be a cache. :/
    – Seth
    Commented Aug 31, 2016 at 11:39

1 Answer

1
+50

Your home session is the one that would seem to be acting out of place. Are you signed in on Chrome (Chrome settings) on both work and home as well?

One thing I've noticed personally is that on my work computer I am not signed in on Chrome with my Google Account. However, after 30 days I am forced to provide my 2FA code again for my Google Account to stay signed in on my work computer. At home, I am signed into Chrome with my Google Account, and I have only been asked once (the very first time) to provide my 2FA code. This leads me to believe it's more than just cookies and local data that Google uses to identify browsers.

Google has not posted a technical analysis of how they handle those features' persistence, so unless a Google employee comments on it here (highly unlikely), I don't know if there is a solid answer.

Answer: I believe Google looks to Chrome as a form of identification, so if you are signed in with Chrome you won't need to provide a 2FA code.

Please let me know if that helps or needs further clarification.

2
  • I'm signed into Chrome at home but not at work, so that would explain it. Commented Sep 6, 2016 at 13:08
  • I don't understand the "looks to Chrome as a form of identification". Since at the first login at home, 2FA was requested, and Chrome is configured to stay signed in to Google, then Chrome must be storing something somewhere when so configured. In other words, it shouldn't be Chrome as an entity by itself that suffices.
    – 0 _
    Commented Jan 21, 2017 at 7:57
