I’ve created an organization and have 30 paid ‘seats’ for my colleagues. For the organization I’ve set up “TWO-STEP LOGIN” (2FA) as required, but it only gives you a simple checkbox.
However, as a user I can also opt to use “Email” (instead of something like an Authenticator App or Yubikey) as a “second” factor.
I do not consider “Email” a second factor, as it will likely be available on the same device where you use your Bitwarden tooling. In any case, I want to enforce (either through disallowing some, or only allowing some) the types of 2FA people can use.
How can I enforce specific 2FA methods for my organization members?
Note: most of us will be using Authenticator Apps (like Authy) or YubiKey.