Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their bitwarden vaults. I kinda hate it, especially on such sort notice (less than 10 days).
Problems is, I still haven’t received any notice, and I’m assuming nobody received that notice either. Only knew because I happen to see it on the webpage.
Imagine someone with only a phone (most people have their phone as their only device) and then lose their phone, then try to log in and… “Wtf is this?!?” and their email password is in the vault.
There are probably a lot of people that this scenario will happen to.
They should’ve gave at least 3 month of advance notice befote implementing this, this is rushed and a lot of people are gonna get locked out. (I know you’re supposed to backup, but like do you think the average person just expect Bitwarden to shut down, or just do a policy change with inadequate notice?)