Many services that support passkeys don’t require 2FA when logging in with passkeys. I would like to ensure every service I use needs at least two factors before I can login.
Similar to how I can require an account to require my master password be confirmed again, can we have a “2FA re-prompt” option?
I do not want my master password to be the only thing stopping someone from accessing my GitHub account if I’ve left a device open which is the case now that I have a passkey stored in Bitwarden. I am only human after all.
As other alternatives, Bitwarden could also require a PIN or biometric to use the passkey. This is typically what is required when using other passkey solutions and why it normally satisfies being MFA.