I have enabled 2fa with a FIDO u2f key, when I log out of the chrome extension and log back in I am challenged for the key successfully.
However, if I am logged out and I open the web vault URL I am not challenged for 2fa and I see the vault with just my master password?
I also have authenticator app enabled and the web vault does not ask for a OTP either?
Is this expected?