Replies: 1 comment 1 reply
-
It actually makes it less secure. It would allow anyone to login from any device not first logged in by using a master password and MFA. If you left a device open which is able to confirm the login you just exposed a quick way for someone else to login. From my perspective we will not add something like this. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
While the official device login is only suitable for known devices (Bitwarden's official blog) ,
it is possible to configure the server to make this feature available to all devices.
During login, the browser sends a request to
/api/devices/knowndevice
to check if the current device is recognized.The button is only displayed if the response is true.
However, by modifying the response from false to true, you can also log in normally by clicking the "Log in with device" button.
This feature makes it very convenient and secure to log in with a browser in incognito mode, and it does not directly expose the master password through keyboard input.
Beta Was this translation helpful? Give feedback.
All reactions