Require 2FA during unlocking process

Background

Previous feature requests

This feature request, called “2FA when ‘unlocking’”, was closed with the implementation of the timed logout feature.

The feature allows you to tell Bitwarden clients to automatically log the user out completely. Since the user is logged out completely, they will have to use 2FA in order to log back in again.

Problem with existing feature

Logging out causes the client to delete the encrypted password store, and is not the same thing as locking and unlocking.

Locking is a lightweight process that doesn’t result in the deletion of your local encrypted datastore.

This Feature

Scope

The scope of this request is for 2FA during the lock/unlock process, which is not solved with simply automatically logging the user out.

Description

2FA during unlocking process

I want to be able to set my BW clients to automatically lock at every X interval.

In order to unlock the clients, the process should be exactly as is, with the option to use biometrics/PIN/password/etc and with the addition of requiring 2FA or not.

A user can choose to use a PIN as well as a 2FA token, for example.

Feature summary

Keep the locking/unlocking process exactly as is, just add the option of requiring 2FA to unlock.
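The distinction this request draws (lock keeps the local encrypted store and only drops the in-memory key; logout wipes the store entirely) and the proposed "PIN plus a second factor to unlock" flow, as an added example. This is illustrative Python written for this thread, not Bitwarden's code or key-derivation scheme: the PBKDF2 PIN verifier, the SHAKE-based stand-in cipher, the RFC 6238 TOTP check and the class/method names are all assumptions made for the demo.

```python
"""Toy model of lock vs. logout with an optional second factor at unlock.

Constructed example for this thread; not Bitwarden's actual unlock logic.
The "cipher" is a SHAKE keystream XOR, which is only a placeholder for
whatever authenticated encryption a real client would use.
"""
import hashlib
import hmac
import os
import struct
import time
from dataclasses import dataclass
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: Optional[float] = None,
                step: int = 30, window: int = 1) -> bool:
    """RFC 6238 TOTP check with a +/- `window` time-step tolerance."""
    now = time.time() if at is None else at
    counter = int(now // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return hashlib.shake_256(key + nonce).digest(n)


def _pin_key(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, 32)


class VaultLockedError(Exception):
    pass


class NotLoggedInError(Exception):
    pass


@dataclass
class VaultClient:
    require_2fa: bool
    _pin_salt: bytes
    _pin_verifier: bytes          # hash of the PIN-derived key, never the key itself
    _totp_secret: Optional[bytes]  # assumption: a locally held TOTP secret stands in for the 2FA device
    _store: Optional[bytes]        # nonce || ciphertext; survives lock, wiped on logout
    _key: Optional[bytes] = None   # in-memory decryption key; dropped on lock

    @classmethod
    def login(cls, pin: str, totp_secret: bytes, vault_plaintext: bytes,
              require_2fa: bool) -> "VaultClient":
        """Full login (the step that already goes through server-side 2FA)."""
        salt = os.urandom(16)
        key = _pin_key(pin, salt)
        verifier = hashlib.sha256(b"verify" + key).digest()
        nonce = os.urandom(16)
        ks = _keystream(key, nonce, len(vault_plaintext))
        ciphertext = bytes(a ^ b for a, b in zip(vault_plaintext, ks))
        return cls(require_2fa, salt, verifier,
                   totp_secret if require_2fa else None, nonce + ciphertext, key)

    @property
    def state(self) -> str:
        if self._store is None:
            return "logged_out"
        return "unlocked" if self._key is not None else "locked"

    def lock(self) -> None:
        """Lightweight: forget the key, keep the encrypted store on disk."""
        self._key = None

    def logout(self) -> None:
        """Heavy: forget the key AND delete the local encrypted store."""
        self._key = None
        self._store = None

    def unlock(self, pin: str, totp_code: Optional[str] = None,
               at: Optional[float] = None) -> bool:
        """Unlock with PIN, plus a TOTP code when require_2fa is on."""
        if self._store is None:
            raise NotLoggedInError("no local store; a full login is required")
        key = _pin_key(pin, self._pin_salt)
        if not hmac.compare_digest(hashlib.sha256(b"verify" + key).digest(),
                                   self._pin_verifier):
            return False
        if self.require_2fa and (totp_code is None or
                                 not verify_totp(self._totp_secret, totp_code, at)):
            return False  # correct PIN alone is not enough
        self._key = key
        return True

    def read(self) -> bytes:
        if self._key is None:
            raise VaultLockedError("vault is locked")
        nonce, ciphertext = self._store[:16], self._store[16:]
        return bytes(a ^ b for a, b in zip(ciphertext, _keystream(self._key, nonce, len(ciphertext))))


if __name__ == "__main__":
    # RFC 6238 test secret; at t=59 the 6-digit SHA-1 code is 287082.
    v = VaultClient.login("1234", b"12345678901234567890", b"vault data", require_2fa=True)
    v.lock()
    print(v.state, v.unlock("1234", at=59), v.unlock("1234", "287082", at=59), v.state)
```

The point of the model is that `lock()` leaves `_store` in place while `unlock()` still demands the second factor, whereas `logout()` removes the store and forces the full login path; in a real client the second factor would come from a device or key rather than a secret stored next to the vault.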

+1

My use case:

Locked browser extension, require PIN + YubiKey tap to unlock

I currently use BW along with MFA through Azure/MS Authenticator. It requires an MFA request when connecting from an unknown browser but not when connecting from a known device. This is convenient but comes with the risk that a malicious or insecure device could become approved and compromise a user’s passwords with no way of anybody knowing.

A nice feature would be the ability to require MFA authentication on every vault unlock (perhaps by sending an approval push notification to the mobile app). That way, if a user does something silly like approve the PC at their local library, the risk is still minimal since a potential attacker still wouldn’t be able to get past the MFA request.

Having device approvals expire over time and require re-approval could also be helpful on this front.