Possibility for 2FA login always on

appistoore · May 11, 2022, 7:09am

Feature function

I have Yubikey because every time you log on to Bitwarden, you should have it, and without it you wouldn’t be able to get into storage. But Bitwarden can be accessed with just a password or just a pin code if the store is only locked. I don’t know why it couldn’t make sense to ask Yubikey even after a PIN, even if Bitwarden is locked, but from my point of view it would make harder for a outsider to login to my Bitwarden.

For example, if my phone is stolen and someone gains access to my Bitwarden (somehow knows my PIN), that person would not be able to open Bitwarden, if he/she doesn’t have my Yubikey.

Maybe I could set 2FA always on for certain devices, like mobile phone or laptop, and leave it off for other workstations.

Gaurav · May 11, 2022, 7:19am

Hello @appistoore , welcome to Bitwarden community forums !
To give to you a quick solution for it , you could change the “Vault Timeout Action” settings to “Log out” , which will prompt for the 2FA code every time you want to access your vault on a particular device.

You could also have look at the following feature request , if you are looking for something similar - Unlock Bitwarden with 2FA i.e. Yubikey (instead of, not in addition to password)