I am hoping someone could enlighten me about 2FA “trust” for Bitwarden apps and browser extensions.
Posts like the two below suggest to me that 2FA authentication can be “trusted” on a device/client for up to 30 days, meaning that one is not re-prompted for 2FA and only the master password is required to gain entry to their vault:
This behaviour appears to be true for the Bitwarden Web Vault, but I have been keeping a record of all my logins and when I am re-prompted for 2FA on different devices/clients. Surprisingly, I can see that 2FA is only required one time on Bitwarden mobile/PC apps and browser extensions (Firefox) on all my devices (2 x Windows PCs, 3 x Macs, 2 x Android devices) – that is, once one of these apps/extensions is “trusted” I am never required to enter 2FA again, unless I manually log out of Bitwarden.
Stated another way, I am not automatically logged out of Bitwarden apps or browser extensions after 30 days, so my 2FA trust appears to persist indefinitely, until I manually log out.
Is this expected behaviour?
Many thanks in advance to anyone who can help me understand how the apps/extensions are meant to behave regarding 2FA trust.