Family Plan - Mandatory 2FA?

Hi all,

Is there a way to enforce mandatory 2FA with the Family Plan? I noticed Bitwarden Web Vault, Clients, etc. will remember devices and not prompt for 2FA upon subsequent sign-ins. Is there a way to disable this behavior?

Thanks.

I guess there is no way to force 2FA for ALL logins?

Today users can bypass 2FA or certain clients seem to save 2FA details?

2FA only comes into play when logging in, not when unlocking. See this help doc to learn the difference. If you really want to use 2FA all the time, set your “vault timeout action” to logout.

Most of us rarely log in and instead just lock and unlock (en/decrypt) the vault. Bitwarden considers logged in and locked to be completely safe.

Thanks for the suggestion - I selected “Log Out” in the Chrome extension, but when I logged back in, it did not prompt for 2FA.

To force 2FA to be re-prompted for the Chrome extension I need to select “Deactivate All Logins” within the Web Vault?

Is there a way not to “remember” devices?

Yes, this is the only way to reset the “remember me” option. Alternatively, wait 30 days, after which the “remember me” option will have expired.

My understanding is that if you enable Duo 2FA for the organization, then this 2FA method will be required of all organization members.

Alternatively, you could use an enterprise policy as described below.

Besides refraining from checking the box for “remember me”? Not sure.

If you upgrade to an Enterprise plan, then you can configure various enterprise policies, one of which is Require Two-Step Login. However, I don’t know whether this disables the “remember me” option.