Confused: 2FA "trust" extends beyond 30 days (i.e., no logout after 30 days)

I am hoping someone could enlighten me about 2FA “trust” for Bitwarden apps and browser extensions.

Posts like the two below suggest to me that 2FA authentication can be “trusted” on a device/client for up to 30 days, meaning that one is not re-prompted for 2FA and only the master password is required to gain entry to their vault:

This behaviour appears to be true for the Bitwarden Web Vault, but I have been keeping a record of all my logins and when I am re-prompted for 2FA on different devices/clients. Surprisingly, I can see that 2FA is only required one time on Bitwarden mobile/PC apps and browser extensions (Firefox) on all my devices (2 x Windows PCs, 3 x Macs, 2 x Android devices) – that is, once one of these apps/extensions is “trusted” I am never required to enter 2FA again, unless I manually log out of Bitwarden.

Stated another way, I am not automatically logged out of Bitwarden apps or browser extensions after 30 days, so my 2FA trust appears to persist indefinitely, until I manually log out.

Is this expected behaviour?

Many thanks in advance to anyone who can help me understand how the apps/extensions are meant to behave regarding 2FA trust.

Any update on this? Or maybe any guideline on how it's implemented?

One possible explanation I can think of is that if you unlock your vault with your master password and sync it regularly in those 30 days, it will keep you logged in, as the access token gets refreshed every time you sync or maybe at some specified intervals.
The 2FA trusted device token may be set to be valid for 30 days. So if you haven’t totally unlocked it and synced it in the last 30 days, it may then log out and ask for a new auth token.

This is just my assumption; I don’t know if it really works that way. But it would be good to get clarification regarding this.

Reference image of sync request.

Hi @Gaurav - my experience matches what you have suggested. Your 2FA trust is remembered until 30 days of inactivity on that client have passed, then you are prompted for 2FA again. Cheers!
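
The two readings of "30 days" discussed in this thread can be compared against a login record like the one the original poster kept. The following is an added example, not part of the thread and not Bitwarden's code: it assumes a simplified model in which device trust either slides forward on every unlock/sync or ends a fixed 30 days after the last 2FA prompt, and all function names and dates are constructed.

```python
from datetime import date, timedelta

TRUST_WINDOW = timedelta(days=30)  # the 30-day figure discussed in the thread


def reprompt_dates(first_2fa, activity, sliding):
    """Return the dates on which a client would ask for 2FA again.

    first_2fa: date the client was first trusted (2FA completed).
    activity:  sorted dates on which the client was unlocked/synced.
    sliding:   True  -> each activity pushes expiry 30 days out (inactivity model)
               False -> trust ends a fixed 30 days after the last 2FA prompt
    """
    expires = first_2fa + TRUST_WINDOW
    prompts = []
    for day in activity:
        if day >= expires:
            prompts.append(day)           # trust lapsed: 2FA needed, trust renewed
            expires = day + TRUST_WINDOW
        elif sliding:
            expires = day + TRUST_WINDOW  # activity inside the window extends it
    return prompts


def consistent_models(first_2fa, activity, observed_prompts):
    """Name the model(s) whose predicted prompts match the recorded ones."""
    models = {"inactivity (sliding)": True, "fixed 30 days": False}
    return [name for name, sliding in models.items()
            if reprompt_dates(first_2fa, activity, sliding) == observed_prompts]


# Constructed sample records (hypothetical dates, not from the thread).
START = date(2024, 1, 1)
WEEKLY_USE = [START + timedelta(days=7 * i) for i in range(1, 18)]   # active client
IDLE_GAP = [START + timedelta(days=d) for d in (5, 10, 55, 60)]      # 45-day gap

if __name__ == "__main__":
    for label, log in (("weekly use", WEEKLY_USE), ("idle gap", IDLE_GAP)):
        for sliding in (True, False):
            print(label, "sliding" if sliding else "fixed",
                  [d.isoformat() for d in reprompt_dates(START, log, sliding)])
    # A client used weekly that was never re-prompted:
    print(consistent_models(START, WEEKLY_USE, []))
```

Only a regularly used client tells the two models apart; a client that sat idle for more than 30 days is re-prompted on its next use under both.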