Simple question I hope.
I am on the Families Plan. Is there a way to enable 2FA for all accounts by default? I am the admin of my self-hosted instance and I am set up for DUO/Passkeys/YubiKey but i want my members of my family to at least be somewhat protected.
Is there a way to force 2FA and then have them select a method?
Policy enforcement is only available for business plans.
If you switch from self-hosted to Bitwarden-hosted, you will get access to New Device Login Protection, which is enabled for all users by default. With New Device Login Protection, an email verification code will be required as a second factor whenever any of your family members (or an attacker impersonating a family member) logs in to their Bitwarden account from a new device. For family members who enable a proper Two-Step Login method, the New Device Login verification is automatically waived.
Thanks so much for clarifying this for me!
And, among the business plans, it’s only available for the enterprise one (not for the teams one)
It should be mentioned that this New Device Login Protection can be disabled by a user if he chooses to do so.
I wouldn’t call this “a way to force 2FA”.
True, but for a non-technical family member who is unlikely to go through the steps of setting up Two-Step Login unless forced by policy, it would perhaps be reasonable to assume that they would not go through the steps necessary to disable NDLP…
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.