✅ Force 2FA for organizations

Some of Duo’s functionality our company doesn’t need. Other Duo functionality we already have in some form from another vendor. There’s no reason why we should need to pay for functionality we already have / don’t need just to obtain the basic functionality – which many other products have – of being able to enforce 2FA on our users. The deficiency here is in Bitwarden lacking that feature, not in people not wanting to waste money on a product they don’t need in order to obtain it.

scifire91’s point about not wanting to use yet another form of authentication is also on point. We are trying to standardize on U2F / FIDO2 everywhere. We want to go in the direction of everything using hardware 2FA keys, not in the direction of relying on vendors.

We also don’t want to introduce an unnecessary point of failure in our infrastructure. If we are dependent on Duo, then that’s one more thing that can break and keep our users from working.

We also don’t want the extra cost of administrating yet another service. The dollars-and-sense cost of Duo isn’t the only cost; ongoing administration is a different cost. If Bitwarden supported enforcing 2FA, then that would have no administrative overhead whatsoever – we would simply turn on enforcement and be done with it.

Finally, you can laugh all you want about people who don’t want to spend the money, but the fact of the matter is that if we have to pay $6/user/month for Duo just to be able to enforce 2FA in Bitwarden, then that literally triples the cost of Bitwarden Enterprise, from $3/user/month to $9/user/month. That’s ridiculous.