Hi,
I’d like to formally submit a feature request regarding vault security. While I currently use the “vault timeout action” set to logout after 2 minutes, I recently encountered a potential security issue that raised some concerns.
My laptop does not support biometrics — I rely solely on a PIN and the Master Password. Recently, there was an unauthorized attempt to unlock my vault, which highlighted the need for an additional layer of protection.
Feature Request:
Please consider adding an option for Two-Factor Authentication (2FA) — specifically, a One-Time Password (OTP) sent via email — as an additional security step when unlocking a locked or inactive vault, even if it remains decrypted in memory.
I understand the current design priorities and the concerns around usability, but for users who prioritize security over convenience, this would be a valuable optional feature.
This request is specifically for the Chrome extension, but could be beneficial across all Bitwarden instances.
Thank you for considering this request. I’d appreciate it if you could share it with the development team.
Kind regards,
Adrian