I was under the impression that you would need to use 2FA every time the desktop app or the browser extensions ask you for your master password, but it seems like they only ask the first time you log in to a new session.
Is there some way to require 2FA every time you are asked to type in your master password?
At the moment, 2FA will only prompt whenever you log into the apps. Subsequent unlocks of the app do not require 2FA. If you log out and back in, you should be prompted again for 2FA.
Ah, OK.
Thank you for the reply. I guess I can just revoke all currently signed in sessions in the Barwarden control panel on the website then.
If I were to make a feature request it would be for an enhanced security experience that always required your Yubikey or some other form of 2FA to access your passwords even if you are already logged in and just need to type the master password.
That feature would be burdensome for many of us. If it was an option that you wanted to use of course I am into options. On my Android the BW app locks immediately when I leave full screen, and my decision is to use a four digit PIN over the fingerprint for unlocking. After 5 incorrect PIN tries BW automatically logs me out. My master password is long and I use U2F all the way (premium user here). I don’t believe someone would be lucky enough to “guess” my PIN in five attempts. Its a number that does not point to me (birthday, etc…). To begin with my Oreo Android is completely locked via fingerprint so a “bad guy” would have to get by that before they could even attempt a random PIN guess. I feel really safe using BW.