Security has either been easy and weak, or difficult and strong. It will never change and so you will always have the option of weak security if you dont want to jump through the hoops for the peace of mind.
> my friends who use typical insecure practices like password reuse or post-it notes
IMO people who do those things will never change. Its like the environment, everybody knows what they should be doing but no-one cares enough to do it.
So Bitwarden should offer 2FA for users who want the additional security – they should never force users to enable it. It would be like refusing to save "password" as a password, because it is insecure.
Security has either been easy and weak, or difficult and strong. It will never change and so you will always have the option of weak security if you dont want to jump through the hoops for the peace of mind.
> my friends who use typical insecure practices like password reuse or post-it notes
IMO people who do those things will never change. Its like the environment, everybody knows what they should be doing but no-one cares enough to do it.