And I guess, in what way a device gets “whitelisted” at all - and how “persistent” that is (like recognizing a unique hardware configuration/condition?) or if it is easily “breakable” (like some of your examples for “other failure modes” show).
I also still have some hopes for this feature: Sign into Bitwarden with a passkey / "Login with passkeys" (for all BW apps) (as login-passkeys “with encryption” could be a secure way of logging in to all BW apps)