A Bitwarden blog mentioned the following:
Your Bitwarden Vault hopefully already has two-step login using some other method. (i.e., do not use the Bitwarden Authenticator to protect your Bitwarden account.) Therefore it is currently protected with a high level of security and, in fact, two-step login.
Question: albeit seemingly counterintuitive to do this, what are the potential downsides of having…
- the MP in BW itself.
- the BW TOTP seed in a 2FA app as well as in BW itself?
If a remote individual without access to your laptop/PC or phone gains access to your BW vault, would this not indicate said person already has knowledge of your TOTP service key & MP to begin with?
Now, if this person had direct access to, say, your laptop with the BW vault left open, I can see the advantage of not having a BW TOTP seed & MP stored in BW, since this would prevent them from accessing BW from a remote location later on and making changes to the account that otherwise require authentication using your MP.
Note: I am not talking about securing BW using only Bitwarden. I’m talking about already using a 2FA app (I use 2FAS Auth) other than BW with the additional placement of the TOTP Seed & MP in BW.