Hello everyone,
sorry if this has been suggested somewhere else already, but I couldn’t find a good post about it anywhere… (Searched here and on GH)
TL;DR:
A “Logout and forget this device”- or “Logout and forget saved 2FA” Button within the vault (desktop, apps and web) to logout the session and also remove it’s “2FA-Remember me” that is stored on the authentication-servers.
A bit more detailed:
Ability to not only log out but also “deauthorize” your current client-session, so that the 2FA has to be typed in again. Even if it has been set to “Remember me” before.
So IMO, when it is the expected (and surely for some users the wanted) behaviour, that the “Log out”-Button only affects the local data and not the (server-sided) “Remember-2FA-of-this-Client”, then there should also be an option from within the logged in vault (be it the desktop, app or web), to delete the “Remember-2FA-of-this-Client” for this specific session / client).
I’m aware of the “Deauthorize Sessions”-Option in the Web vault’s “Danger zone” (which isn’t always the best option imo) and also not talking about deauthorizing out other clients’ sessions as per other FRs.
Also, as this feature would only work with internet access (contacting the BW-authentication-servers), I’d recommend to add a warning like the following, for when it can’t reach the servers or there was some error:
=============================
| Log out and forget this device [X] |
| |
| There was an error contacting the |
| Bitwarden Servers. Please check |
| your internet connection and try |
| again. |
| |
| |
| |
| [Try again] |
| |
| [Log out, without forgetting |
| this device and it’s 2FA.] |
=============================
(Or just a generic one with an exact error-code beneath it.)
The closest related posts I could find were these, however they don’t exatcly feature this IMO: