Hello,
I would like to see an actually simple extension for Bitwarden: Forcing 2 2FA authentications at login.
Let me explain it with a fictional scenario:
I have a Bitwarden account with all my passwords + 2FA via auth app and email.
But now someone hacks my email address, finds out that the account is registered with Bitwarden and cracks my password there too. Then you have to pick one thing to get through the 2FA. Since the hacker already has access to my email account, the 2FA is useless in this case.
If you had to go through 2 2FA authentications, the first one would go to the email the hacker has, but then you would still have to retrieve the code on my phone. And of course the hacker doesn’t have that.
You can also flip the whole example around so that the hacker has access to the phone [e.g., stolen?] but not the email.
I don’t think that’s strictly necessary, but it would be a simple step to allow users to make their account more secure.