Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their bitwarden vaults. I kinda hate it, especially on such sort notice (less than 10 days).
It should be required everywhere.
Username+password alone is not safe.
But if someone store all their 2FA in their password vault, wouldn’t that just be 1FA with extra steps?
It still protects against sites getting breached and the password leaked which is very common.
You don’t have to store 2fa in your password vault, and even then, you can enable 2fa for the vault. It’s just more secure. Be confident that your login info will be leaked sometime, somewhere. With 2fa you’re still safe.