Further Securing encrypted export

The encrypted export is protected by a strong password (tied to an email or not), while the account can have both a password and various 2FA options.

I think it might be useful to have an option to embed the account 2FA info into the encrypted export for additional security. Currently, given the password, the export file can be imported to another account, exposing all the data, so I don’t like to have them sitting around on disk even with a strong password. With 2FA embedded, on import Bitwarden can decrypt as you do now, but if the file contains 2FA data then that has to be verified as well before allowing import into an account. It would still allow importing into another account, but with both password and 2FA protection before it is possible.

If I knew both were in the encrypted export, then I would have no problem leaving exports on my disk, since both the password and my 2FA (TOTP, FIDO2, etc.) are needed before anyone can use them. All 2FA options would have to be stored so any one of them could be used to authorize import. On import, the embedded 2FA does not affect the account settings (perhaps an option); it is just one extra check before bringing all the data into the account.

Maybe everyone is happy with a password for import, but I could sleep better knowing that my backup file can’t be cracked by force alone.