Hi,
Maybe its an cool feature to create 3fa because I store as well, 2fa codes in there because I am kinda lazy, I have 2fa on my account now, but for extra security, 3fa maybe an good option like, an Authenticator app and Email code to get in.
You log in, not that often, just lock the Vault in the extension, or the Android app.
Kind Regards,
Larsmeneer
This could make sense if you are a high risk target. For example, Binance does this. But, it’s an unusual practice. For cloud-based password managers, the 2FA doesn’t secure the online vault. Its purpose is to give permission for your device to receive the vault - it’s really only device authentication, which is why you always see the “Remember Me” checkbox defaulted with a check on services because how many times do you need to authenticate your device? Your Master Password then decrypts the vault. So, multiple forms of 2FA have limited value. For example, how many times does someone need to authenticate their device to log into a single session? “First factor: Is this device authenticated to receive the vault? You: Yes. 2nd Factor: Are you sure? You: Yes again. Password: Okay, here’s your encrypted vault, now type your password and I may let you in your vault if you type it correctly.”
Someone who needs this level of security would typically already be using security keys. If you are using a security key, you can set a PIN of any length which will effectively act as your 3FA (PIN+tap key+type password). The PIN affords protection from local attacks; the tap affords protection from remote attacks. Alternatively, if your data needs such heightened security that you need 3FA, you may be a good candidate to be using a non-cloud password manager such as Keepass so you can secure the vault yourself in encrypted offline or local storage, away from a cloud-based blob of many accounts.