Hi all,
I have a quick question that I can’t seem to find an answer for.
I’ve had 2FA activated on my BW account for some time, so my “regular” login pattern is to type in my email + master password + OTP (generated on an app on my smartphone).
Recently, with the introduction of “login with my device” (not 100% sure of the option name in English, as I’m using it in my language, but I’m sure you see what I mean), I’d like it to become my main solution for login, because it saves me from manually typing in my master password, especially if I’m not sure of the machine I’m using at that time.
However, with this use case, I find that the OTP has become redundant. The login pattern is now typing in my email, clicking on “log in with my device”, unlocking my device with my biometrics, unlocking BW with my biometrics, approving the challenge, but then… I’m still prompted for the OTP. I don’t think this provides any additional security in this particular use case because to complete the previous steps, I already proved who I am with my biometrics on my phone, therefore the OTP app is only two taps away on my phone with no additional security challenge required.
Would it be feasible to select conditions for account authentication, so that logging in with email + master password would of course still require the 2nd factor OTP, but when using email + the 2nd factor device confirmation already, the OTP wouldn’t be required?
I hope this makes sense, thanks for your insights !
Cheers,
N.
Just one spontaneous thought: The “log in with device” replaces more or less the typing in of the master password - it is not a “second factor”. Thereby in your vault settings, you can’t choose this as a second factor-method. And thought from the point of view of vault security: if you have no second factor, there is no additional security to your vault - the master password alone would be enough to get access to your (web) vault. (-> the biometrics only protect your apps, but not access to the web vault itself)