I am unsure where you can enable 2FA for desktop clients but if it doesn’t exist I think it would be a good feature to implement.
You’ll find 2FA in
Settings -> Two Step Login, caveat though, 2FA only applies for initial login. If you have remember credentials turned on, you won’t go through 2FA then on.
The second factor is only required when logging in, not when unlocking the vault, which are two different operations.
You log in the first time you use an app on a given machine. All further access to the vault require unlocking it, until you decide to log out.
I hope this example could make things easier to understand :
- You did not setup 2FA.
- The first time you use Bitwarden desktop on machine A : logging in (no 2FA required)
- You log in to the web vault and enable 2FA.
- The first time you use Chrome extension on machine A : logging in (requires 2FA)
- Subsequent use of Bitwarden desktop on machine A : unlock (does not require 2FA)
- You log out of BW desktop
- Next time you’ll want to use BW desktop, you’ll need to log in (requires 2FA)