Thank you for your post!
You’re welcome, got it, and completed.
Feature name
- Fault Tolerance for MFA Master Password Reset
Feature function
- Allows users to reset their master password via e-mail, SMS phone number, crypto key (YubiKey, Google key, etc.) and preset software authenticator (Authy, OTH, etc.)
- 2FA: Reset must include 2 different means. For example: e-mail + SMS phone
- 3FA: Reset must include 3 different means. For example: e-mail + YubiKey + SMS phone.
- User may store multiple e-mails, phones, keys, authenticators as options.
- User discretion as to which
- This approach makes it exceedingly difficult for hackers to break in while making it exceedingly easy for users to reset lost or forgotten Master Passwords.
- User-initiated 24-hour HOLD function (enabled or disabled at user’s discretion) using 1 less level. For example, if they chose 2FA, they can temporarily lock their Bitwarden account for password purposes using any single means at their discretion. If they chose 3FA, however, they will need to confirm via two means before Bitwarden locks their account.
- When requesting lockout, the user’s e-mail address is protected by displaying only the last three characters before their domain name, or the last 2 digits of their phone number. Similar min-display security masks will be used for crypto keys and authenticators.
Related topics + references
- No known related topics appeared in multiple searches.
- This approach is used by some banks and financial institutions to maintain high security while reducing the need for customer service calls and all but eliminating user headaches.
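The following is an added example, not code from the post above or from Bitwarden, that models the proposed reset policy in Python: enrolled factors are typed by kind, a reset needs N distinct kinds, and the user-initiated 24-hour HOLD needs N-1 and blocks resets until it expires. It assumes that "different means" means different factor kinds, so two enrolled e-mail addresses count as a single means (otherwise an attacker who owns one mailbox could satisfy 2FA with two addresses they control). The e-mail and phone masks follow the post; the mask for keys and authenticators (last four characters) is an assumption, since the post only says a similar mask applies. The names `FactorKind`, `Factor`, `ResetPolicy` and the sample enrollment are all invented for this example.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class FactorKind(Enum):
    EMAIL = "email"
    SMS = "sms"
    HARDWARE_KEY = "hardware_key"    # YubiKey, Google key, ...
    AUTHENTICATOR = "authenticator"  # Authy, TOTP app, ...


@dataclass(frozen=True)
class Factor:
    kind: FactorKind
    identifier: str  # e-mail address, phone number, key serial or app label


def mask_factor(f: Factor) -> str:
    """Minimal-display mask shown on reset/hold prompts.

    E-mail: only the last three characters before '@' (post's rule).
    SMS:    only the last two digits (post's rule).
    Keys and authenticators: last four characters (assumed; the post only
    says a 'similar' mask applies).
    """
    if f.kind is FactorKind.EMAIL:
        local, _, domain = f.identifier.rpartition("@")
        return "*" * max(len(local) - 3, 0) + local[-3:] + "@" + domain
    if f.kind is FactorKind.SMS:
        digits = "".join(ch for ch in f.identifier if ch.isdigit())
        return "*" * max(len(digits) - 2, 0) + digits[-2:]
    return "*" * max(len(f.identifier) - 4, 0) + f.identifier[-4:]


class ResetPolicy:
    """Requires N distinct factor kinds for a reset and N-1 for a HOLD."""

    HOLD_DURATION = timedelta(hours=24)

    def __init__(self, enrolled: list[Factor], required_kinds: int) -> None:
        if required_kinds not in (2, 3):
            raise ValueError("the post describes 2FA or 3FA reset only")
        self.enrolled = frozenset(enrolled)
        self.required_kinds = required_kinds
        self.held_until: datetime | None = None

    def distinct_kinds(self, presented: list[Factor]) -> set[FactorKind]:
        # Only enrolled factors count, and several factors of one kind
        # (e.g. two e-mail addresses) still count as a single "means".
        return {f.kind for f in presented if f in self.enrolled}

    def is_held(self, now: datetime) -> bool:
        return self.held_until is not None and now < self.held_until

    def authorize_reset(self, presented: list[Factor], now: datetime) -> bool:
        # An active hold refuses every reset attempt, whatever factors are shown.
        if self.is_held(now):
            return False
        return len(self.distinct_kinds(presented)) >= self.required_kinds

    def request_hold(self, presented: list[Factor], now: datetime) -> bool:
        # "One less level": 2FA users hold with 1 means, 3FA users with 2.
        if len(self.distinct_kinds(presented)) >= self.required_kinds - 1:
            self.held_until = now + self.HOLD_DURATION
            return True
        return False


def sample_enrollment() -> list[Factor]:
    # Constructed sample data for the example, not real accounts.
    return [
        Factor(FactorKind.EMAIL, "alice@example.com"),
        Factor(FactorKind.EMAIL, "alice.backup@example.org"),
        Factor(FactorKind.SMS, "+1 555 123 4567"),
        Factor(FactorKind.HARDWARE_KEY, "yubikey-serial-12345678"),
    ]


if __name__ == "__main__":
    email, email2, sms, key = sample_enrollment()
    policy = ResetPolicy([email, email2, sms, key], required_kinds=2)
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    print("two e-mails only:  ", policy.authorize_reset([email, email2], now))  # False
    print("e-mail + SMS:      ", policy.authorize_reset([email, sms], now))     # True
    print("hold with SMS only:", policy.request_hold([sms], now))               # True
    print("reset during hold: ", policy.authorize_reset([email, sms], now + timedelta(hours=1)))  # False
    print("prompt shows:", mask_factor(email), mask_factor(sms), mask_factor(key))
```

The check that matters is in `distinct_kinds`: it counts kinds, not factors, and ignores anything not enrolled, so a stranger's phone number or a second address of the same kind never raises the count. The hold is modeled as a timestamp rather than a flag so that it expires on its own after 24 hours, as the post describes.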