I am an avid user of your product and have been since LastPass lost their way and screwed everyone over with their price hikes. I have a suggestion to improve the security of your product even more. Currently, we can access our vault online and our account info is our email and then our password. Seeing as how people can get our email from public places, the bad guys have half of the login info. Would it be possible to incorporate some kind of userid system instead of or in addition to the email, so that the attack surface can be reduced and make it more difficult for the bad guys. This is especially important for accessing our vault on your website. Yes, I know about 2FA, but I am asking for security to be even further and to move away from the email address logins.
I would say in the meantime you can try is to use an alias or privacy forward email address or even for example use proton mail and u can get a separate email that you do not use online. Personally, I use privacy forward email addresses and completely separate emails for important things that never get posted online.
example:
social logins: [email protected]
password manager/bank: [email protected]
privacy email address: [email protected] that gets routed to social login email but blocks trackers and can be auto-generated.
duckduckgo - has great privacy forwarding email address use that also can auto generate ones
protonmail - has a great secure email address system you could use