When designing this feature, were there any thoughts about making it so that unrecognized devices are subject to a waiting period (e.g. 2 days, but adjustable by the user) before getting auto-approved? The user will get notified about the unrecognized device, via emails, notifications in the desktop/mobile app, notifications in the browser extension, etc. and can either explicitly accept the device as verified to skip the waiting period, or reject the device (and then change the vault password if needed). That way, in the worst case scenario where the user can’t access their trusted devices, the only consequence would just be an annoying waiting period as opposed to being 100% unable to access their vault.