I have 2FA based on a Yubico key. Here is the case I have:
- Start my phone
- Start Bitwarden app
- Enter Master PW
- Put my Yubico key close to my phone
- Now, I enjoy.
Up to step 5, this is expected behavior. Then…
- Press “Exit” using top right corner.
- Restart my phone completely
- Start Bitwarden app
- Enter Master PW
- Everything is available… (damn it)
I restarted my phone and the Bitwarden stuff is still AVAILABLE without 2FA???
The “exit” and “lock” do the same thing from my point of view: just single FA only. And the state remains even if I reboot my phone.
To re-enable 2FA on the Android app, you need to press “Lock” then press “Log-out”. 2FA is for authentication… it is not for how many steps I need to do to re-enable it!
When you are using 2FA, logging off completely should NOT be difficult. That should be idiot proof. No matter if you press “exit” or you swipe out the window to kill the Bitwarden application, 2FA should be required again.
Ideally, it should have an auto log-off like discussed in another thread.
2FA should obviously be required when you reboot your phone!
Strict minimum: Please add a “Log-off” button using the top right menu.