I searched, but couldn’t find anything. Apologies if this has been suggested before.
Separate TOTP master login
- What will this feature do differently?
Currently, user pass and TOTP login data are all stored in one place (if you use the 2FA built into Bitwarden). This is bad practice and essentially locks all of a user's logins behind a single password and reduces 2FA protection.
I propose that there is a secondary master login (whatever you want to call it) which is required to be different to that of your masterpass, and is required to access TOTP stored codes/generated codes.
- What benefits will this feature bring?
Better security for users. Anyone currently storing all three elements of their login data in Bitwarden is relying on a single password to protect all of their accounts.
More convenience. No one would need to use two services (one for passwords, one for TOTP codes) to remain properly secure any more.