I have enabled 2fa and after login on iOS with 2fa said “auto login” so it is not asking for 2fa again.
Now i got some YubiKeys and I want Bitwarden ask for 2fa every login, again.
How can I delete the current trusted device from a list, so it is asking for 2fa again?
What i tried, but still no 2fa request at login:
Touch logout, login again. On Windows/Android its asking me again for 2fa, but not on iOS
Reinstalled app - still no question for 2fa after login with password.
Is there somehwere a list do delete trusted devices?
Cool! That worked. Such a button I was searching for, now it is asking again for my YubiKey OTP.
Then it seems to be a minor bug, but ok for the moment.
I notice that the last post here is over two years old, but the problem it describes apparently remains. Replying to it since it seems to be an old bug that I believe I’m running across.
I’m new to Bitwarden and ran into this behavior. I disabled 2FA for the account from the web Bitwarden site, and then re-enabled it creating a new TOTP account. On my laptop, desktop, and iPhone I was required to login and verify with the new TOTP code. On my iPad, however, I was not. It continues to log-in without requiring 2FA. I logged out of the app, killed it, and then relaunched but the behavior remains.
While the suggestion in this thread of deauthorizing all sessions may be a solution, I’m concerned that this issue exists at all, especially since it was highlighted several years ago. I would hope that all app instances and browser extensions would check the server for new auth rules and credentials every time a login is made. Since these can be changed at any time (as would be the case if there was a security breach of some type) I would expect that the updated info would propagate reliably to every device. Otherwise, an errant device that doesn’t see the changes becomes a big security hole.
Anyway, I’m happy to provide more info to help resolve this, but I remain a tad concerned about security because of this behavior.