It’s that for a service that you only have a need for, a few times a year, mandating 2FA is an unnecessary hassle that can lead to user frustration.
I’ve experienced the same with Gitlab. I rarely use Gitlab and don’t have anything important hosted there but when a project I was a member of enabled 2FA for all contributors, it made my Gitlab account completely frustrating to use.
Typical scenario: I’m trying to do something brief on Gitlab that requires me to be logged in so I login then get shown an interstitial page saying I cannot proceed until I enable 2FA on my Gitlab account. Every action I attempt while logged in will fail unless I either enable 2FA or remove myself from the project that enabled mandatory 2FA after I was added.
GitHub’s 2FA implementation is night and day better than Gitlab’s but I imagine the user frustration must be similar if you find yourself suddenly having to enable 2FA because a GitHub org you were already part of mandates it.
That said, the sign-in flow with a Passkey and BitWarden is great. Click "sign in with a passkey", click "confirm", done. No username, password, or 2FA required.
One day I hope BitWarden implement my suggestion of not requiring that second click if you only have one key.
I wonder if I can delete my account and create it anew with the same email and (probably) a different username.
