I suggest making authentication fully configurable, i.e. configuring the various authentication methods (password, PIN, biometrics, U2F, OTP) separately and allowing an arbitrary number and combination of authentication methods for log in and unlock.
Login: Master Password + (U2F or OTP) ← very secure
Unlock: Biometric + U2F ← convenient
For this feature to make sense one should always be able to log out and back in again instead of unlocking to avoid nonsensical cases, e.g. my fingerprint reader is defective so I can’t unlock but could log in.
Also it should be possible to list multiple authentication methods as alternatives in a step as in the example above, e.g. U2F or OTP as 2nd factor.
An extension to more than three factors should be trivial.
And in addition everyone would be able to configure exactly for the security/convenience trade-off they want.
SFA with weak factors (PIN only or U2F only) should have an associated warning message.
Other feature requests like this one (e.g. unlock-bitwarden-with-2fa-i-e-yubikey-instead-of-not-in-addition-to-password) would be solved automatically.
I’m aware that encryption is based on the master password so logging in might always need to include the master password.
I’m happy to receive some feedback on this.
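As an added illustration (not code from the original post or from Bitwarden), here is a small Python model of the proposed policy: each of login and unlock is a list of steps, each step a set of alternatives, with a weak single-factor warning and a fallback from unlock to login when a required device is unavailable. The factor names and the "weak factor" classification are assumptions for the example.

```python
"""Added example (not Bitwarden's code): a model of the configurable
authentication policy proposed in the post above.  Factor names and the
WEAK_FACTORS classification are assumptions chosen for illustration."""
from __future__ import annotations
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set

# Factors that, used alone, should trigger a warning (assumption based on
# the post's examples "PIN only" or "U2F only").
WEAK_FACTORS = {"pin", "u2f", "otp", "biometric"}


@dataclass
class AuthPolicy:
    # Each step is a set of alternatives; a step passes if any one of them
    # is presented.  All steps must pass: (A or B) and (C or D) ...
    login: List[FrozenSet[str]]
    unlock: List[FrozenSet[str]]

    def validate(self) -> List[str]:
        """Reject configurations the post says cannot work; warn on weak ones."""
        # Assumption: encryption is keyed to the master password, so login
        # must have a step that requires it unconditionally.
        if frozenset({"master_password"}) not in self.login:
            raise ValueError("login must contain a step requiring master_password")
        warnings = []
        for name, steps in (("login", self.login), ("unlock", self.unlock)):
            if len(steps) == 1 and steps[0] <= WEAK_FACTORS:
                warnings.append(f"{name}: single weak factor {sorted(steps[0])}")
        return warnings


def satisfies(steps: List[FrozenSet[str]], presented: Set[str]) -> bool:
    """True when the presented factors satisfy every step of the policy."""
    return all(step & presented for step in steps)


def choose_path(policy: AuthPolicy, available: Set[str]) -> Optional[str]:
    """Prefer unlock; fall back to a full login when a device needed for
    unlock (e.g. a defective fingerprint reader) is not available."""
    if satisfies(policy.unlock, available):
        return "unlock"
    if satisfies(policy.login, available):
        return "login"
    return None


# Constructed configuration mirroring the post's example.
EXAMPLE = AuthPolicy(
    login=[frozenset({"master_password"}), frozenset({"u2f", "otp"})],
    unlock=[frozenset({"biometric"}), frozenset({"u2f"})],
)
```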