A user’s account is registered to the PC on which they last entered a new password. This registration is done using a cookie. If a user then changes machine (or their browser) then the security protocols will not be able to find the correct cookie and will ask them to re-register through a link sent to their email account.