Security update - new device verification coming February 2025

Logging in with SSO seems to be one of the exceptions:

(source: New Device Login Protection (February / March 2025) | Bitwarden Help Center)

PS: Ah, I forgot: Welcome to the forum, @edwasa!

Got it. Thanks!

… as I think that site (New Device Login Protection (February / March 2025) | Bitwarden Help Center) was updated, I only now saw that passkey-login is also one of the exceptions (we speculated recently about that here in the forum):

So, having some “login-with-passkey”-passkeys would also be a possible “backup-login” method, especially for all who fear losing access due to the new device verification, right @Micah_Edelblut?

Though “login-with-passkey” is still in beta and only works with the web vault… But if that “policy” would stay, being able to login-with-passkey to the other Bitwarden apps would become even more interesting now, as it would avoid “every problem” with the new device verification (possibly). :thinking:

Yeah, the passkey that decrypts the vault is really seamless on the desktop web app. Not bad on a mobile device either (website isn’t responsive), but I found it did ask for the master password, but does successfully skip 2FA (Chromium browsers only currently, I believe).

Think of the factors as more definitional. My go-to authoritative reference is NIST 800-63B-4, draft 2. It definitionally states:

  • §3.1.1: A password is “something you know”
  • §3.1.4: A single-factor OTP authenticator is something you have.

Even when written down a password remains “something you know”. Similarly, when protected with a password or when the secret key is memorized, TOTP remains “something you have”.