This behaviour appears to be true for the Bitwarden Web Vault, but I have been keeping a record of all my logins and when I am re-prompted for 2FA on different devices/clients. Surprisingly, I can see that 2FA is only required one time on Bitwarden mobile/PC apps and browser extensions (Firefox) on all my devices (2 x Windows PCs, 3 x Macs, 2 x Android devices) – that is, once one of these apps/extensions is “trusted” I am never required to enter 2FA again, unless I manually log out of Bitwarden.
Stated another way, I am not automatically logged out of Bitwarden apps or browser extensions after 30 days, so my 2FA trust appears to persist indefinitely, until I manually log out.
Is this expected behaviour?
Many thanks in advance to anyone who can help me understand how the apps/extensions are meant to behave regarding 2FA trust.
Any update on this? Or maybe any guideline on how it's implemented?
One possible explanation I can think of is that if you unlock your vault with your master password and sync it regularly in those 30 days, it will keep you logged in, as the access token gets refreshed every time you sync or maybe at some specified intervals.
The 2FA trusted device token may be set to be valid for 30 days. So if you haven’t totally unlocked it and synced it in the last 30 days, it would then maybe log out and ask for a new auth token.
This is just my assumption; I don’t know if it really works that way. But it would be good to get clarification regarding this.