@xabean I understand that it could certainly make sense or shared or business accounts, but reporting things like this seems to make security worse for non-technical users. I have TFA on those accounts, but I'm not storing the tokens in the same database as the credentials (otherwise what's the point for a personal vault?).