Mandatory MFA and persistent MFA push notifications if disabled

Feature name

  • I would have the system scream at you through push notifications if you do not have MFA enabled. Perhaps, make MFA mandatory.

Feature function

It will give everyone the extra level of protection that MSPs and IT departments need so we can sleep well at night.

Related topics + references

See Office 365. MFA is mandatory now.

Hello, while having user accounts require MFA would be ideal there is always a balance of usability and security.
Using a password manager without 2FA is arguably better than other alternatives someone who does not enable MFA by default would use, such as reusing password, variations of passwords, etc.

Though for organizations 2FA can be made mandatory though enterprise policies which would require users to enable some form of 2FA prior to being accepted to an organization.
https://bitwarden.com/help/article/policies/#two-step-login

What we do at our company is invite new users from the organization which already has enterprise policies such as mandatory 2FA, master password requirements, password generator, and password reset enrollment. This sends an email to the new user and allows them to sign up but stipulates a strong master password, 2FA is enabled and then the organization invite can be accepted.