2 min read AI-generated

Trusted Devices: Steer Claude Code Remotely? Prove Who You Are First

Copy article as Markdown

Anthropic is hardening remote control for Claude Code. With Trusted Devices, admins can require a device to be verified before it can steer local sessions on the go — via Face ID or a passkey, and without any biometrics ever leaving the device.

Featured image for "Trusted Devices: Steer Claude Code Remotely? Prove Who You Are First"

Remote Control for Claude Code is handy: you start a session on your machine and keep steering it from your phone on the go. But that same convenience is also a way in — if a strange device suddenly gets access to your local session, “local” quickly becomes “anywhere.” Anthropic is now putting a lock on that door.

What Trusted Devices does

Trusted Devices is an organization-wide setting for Team and Enterprise plans. When it’s on, members have to verify their device before they can view or steer a Remote Control session from claude.ai, the mobile apps, or Desktop. It’s off by default — an admin has to deliberately enable it under the Claude Code settings.

The clever part: verification is tied to a real sign-in. A device only lands on the trusted list when the sign-in is no more than 18 hours old — not silently in the background. After that, you confirm your presence with Face ID, Touch ID, Windows Hello, or a passkey, instead of signing in again every day.

Biometrics stay on the device

One point matters to me: Anthropic never receives or stores fingerprints, face data, or anything like it. All that’s stored is the device’s public key and a bit of metadata — display name, platform, enrollment time. So your biometrics never leave your device. That’s exactly how you build security without turning it into a data-collection point.

For context: the setting applies only to Remote Control. Regular Claude chat, Claude Code in the terminal, and the API are unaffected. This is really about that one sensitive path — remotely steering a session running on another machine.

My take

This is one of those features nobody cheers for but that are exactly right. The more agentic and remote-controlled our tools become, the more the attack surface shifts away from the code and toward access. Trusted Devices recognizes that and answers it not with more password theater but with passkeys and local biometrics — convenient and secure at once. Yes, it’s still in beta; the direction is right. For teams that seriously use Remote Control, this is a no-brainer to switch on.

Sources: Claude Release Notes, Continue local sessions with Remote Control