Disable "Remember me" through policy

Feature name

Disable 2FA “Remember me” login checkbox through policy

Feature function

  • Organizations can disable the 2FA “Remember me” checkbox on user logins
  • Security enhancement for organizations not wanting their user devices to remember 2FA logins to Bitwarden

+1 I personally use a YubiKey Bio and prefer to be prompted every time, so I don’t tick that box, but it would be a good option to force all to not allow that option.

+1 Please add this feature. We do not want ours or any of our managed Organizations to have the opportunity to bypass 2FA/MFA.

+1 We also urgently wish to be able to disable the “remember me” feature so that users of our self-hosted installation cannot bypass 2FA.

+1 Critical Security Feature

+1 much needed feature

+1… This is a HUGE security issue if checked on personal devices!!

+1 - adding to the list of those who need this feature.

I voted for this, but I’m not sure it’s something at all within Bitwarden’s control. If it was, the current method would still be working, but obviously Amazon is now setting it in such a way that it’s not detectable/modifiable. It doesn’t matter what Bitwarden does or what the policy is if the website simply chooses to ignore it.

Could you please elaborate on what Amazon is doing that would affect this?

I have no idea whatsoever, but I imagine it’s something similar to the field attribute that websites can apply that doesn’t allow values to be cut/pasted into a field, instead forcing manual entry. It could be as simple as that, with the browser honoring that attribute. Bitwarden can only act within the boundaries of what the browser allows based on attributes of the webpage/field; it’s Amazon’s choice not to allow that field to be overridden. It’s their webpage.
Corporations can probably already control this by having a browser policy that forces cookie deletion or flushes the browser cache at shutdown etc. You would be surprised at the controls that can be enforced on a corporate Windows PC.

Not sure I follow. What would be the problem if Bitwarden just hid/disabled the “Remember me” tickbox at the 2FA input screen?

As a new customer of Bitwarden Enterprise, I was surprised to find that this ‘Remember Me’ feature for the MFA prompt could not be disabled by policy. It has led to confusion from new users who are surprised that they don’t have to authenticate with Duo every time they restart their browser, and it always turns out they have ticked the remember me box when using Duo for the first time on their own (after initial onboarding and showing what to do) with Bitwarden.