Same here. I have a 77 year old father who has had a stroke who is not going to be able to wrap his head around the notion of 2FA. It's a bridge too far. Not going to happen. He's just going to get confused and give up when faced with crap he doesn't understand (that's literally how it works with him). I've seem him break into tears because he couldn't figure out some mobile phone UX. Kind of heartbreaking to watch that happen. That's what strokes do to people. Stuff like this doesn't help people like that.

I'm thinking the built in browser password manager might be a safer, more usable option for him at this point. It's probably what I'll have to recommend when this inevitably blows up in a few months.

2FA is a hurdle for normal users. I've had to support 2FA for our Google workspace account for some of my non technical colleagues. It's a PITA almost 100% of them needed me to unblock their account at some point. Absolutely terrible UX. Most users aren't compatible with this stuff. That's why all the big companies are pushing for passkeys now. I don't think that actually fixes the problem and just moves it instead.

But I get it. Bitwarden wants to appeal to corporate IT managers so they can sell expensive enterprise licenses because IT managers are most of their paying customers. And for that they need to sacrifice UX. Because IT managers like liability even less than service providers (like Bitwarden). They'll make their users jump through hoops one hundred percent of the time if it reduces their exposure to their mistakes. So sacrificing UX for that is a small sacrifice. But it is a sacrifice that buys ass coverage for Bitwarden and IT managers. At the cost of users.