Add (optional) Secret Key functionality (Like 1Password) or keyfile (Like Keepass)

It hasn’t been mentioned and this is my personal guess, so take it lightly:

If you look at the Bitwarden Security Whitepaper, at the Login diagram that shows what’s on the client side and what’s on the server side, you will notice that the “Protected Symmetric Key” is stored on the Bitwarden servers (encrypted). What’s asked here (and AFAIK what 1Password does) is for that key not to be stored on the server-side at all, or to have a second symmetric-key component for the encryption. That would be a fundamental architectural change for Bitwarden because it’d be a different security model.

It’s this diagram:

There may be some middle ground where the Master Password (+email) is accompanied by a second client-side secret stored on the app/device/browser, that would also feed into the master password hash. But that would then open a separate discussion about why Bitwarden needs to hold the Protected Symmetric Key at all.

So as far as I understand, the reason this isn’t being considered is that it’d need a different security model, potentially for little benefit since many people already consider Bitwarden secure enough. If the latter changes then that’d be an incentive. IMO even doing the middle ground could help, but discussing it would start this discussion from scratch. Good enough is a reasonable approach and there are good points on both sides.

Again, this is my personal guess.
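
As an added illustration of the "middle ground" described in the post above (not part of the original post, and not Bitwarden's or 1Password's code): a simplified model in which a device-held secret is mixed into the master key, so the server-stored Protected Symmetric Key cannot be unwrapped with the master password alone. The HMAC combiner, the XOR-plus-HMAC wrap (a standard-library stand-in for an authenticated cipher), the iteration count and all function names are assumptions.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 100_000  # constructed value for the demo, not a vendor setting

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def master_key(password: str, email: str, device_secret: Optional[bytes] = None) -> bytes:
    """PBKDF2 over password and email; optionally mix in a client-only secret."""
    mk = hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), ITERATIONS, 32)
    if device_secret is not None:
        # Hypothetical combiner: device_secret never leaves the client.
        mk = hmac.new(device_secret, mk, hashlib.sha256).digest()
    return mk

def login_hash(mk: bytes, password: str) -> bytes:
    """Authentication value sent to the server (simplified model)."""
    return hashlib.pbkdf2_hmac("sha256", mk, password.encode(), 1, 32)

def wrap(mk: bytes, sym_key: bytes) -> bytes:
    """Build the server-stored 'protected symmetric key' (encrypt-then-MAC)."""
    stream = hkdf_expand(mk, b"enc", len(sym_key))
    ct = bytes(a ^ b for a, b in zip(sym_key, stream))
    tag = hmac.new(hkdf_expand(mk, b"mac", 32), ct, hashlib.sha256).digest()
    return ct + tag

def unwrap(mk: bytes, blob: bytes) -> Optional[bytes]:
    """Return the symmetric key, or None when mk is wrong (MAC check fails)."""
    ct, tag = blob[:-32], blob[-32:]
    expect = hmac.new(hkdf_expand(mk, b"mac", 32), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hkdf_expand(mk, b"enc", len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

if __name__ == "__main__":
    email, password = "user@example.com", "correct horse battery staple"  # constructed
    device_secret, sym_key = os.urandom(32), os.urandom(64)
    blob = wrap(master_key(password, email, device_secret), sym_key)  # what the server stores
    # A party holding the blob and the password, but not the device secret:
    print("password only:", unwrap(master_key(password, email), blob))
    print("with device secret:", unwrap(master_key(password, email, device_secret), blob) == sym_key)
```

In this model the server still holds the wrapped key, but both the unwrap key and the login hash depend on a value the server never receives.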