Will it be possible to add TOTP vault unlock for mobile apps (in addition to the existing biometric and PIN unlock)? For example, someone needs to use an external authenticator app to generate a one-time code to unlock the vault.
There are some devices that don’t have biometric sensors, and this secure option is not possible to unlock the vault. On the other side, the PIN option is not so secure, and I don’t think someone should use it. With TOTP, we have a secure option (when we store it on another biometrically protected device) which is leak-proof (temporary codes), simple (only 6 numbers, like a PIN), requires a second device, and is offline (doesn’t require an internet connection).
In my use case, I use an E-Ink device with no biometric sensors and an old Android. It is not convenient to use a vault password every time, especially to type it on a relatively slow E-Ink display. The PIN option is insecure for me. As a possible fix, I can log out every time from my account and log in with another device, but it requires an internet connection and it is not so convenient.
Such a system (TOTP vault unlock) can actually be used on all platforms. I believe most stationary PCs don’t have biometric capabilities (or they don’t work properly, like under Linux). There are some Android devices without biometric support, as well as devices where biometrics no longer work. In CLI applications or browser extensions, it could also be handy.