marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0
208 stars, 42 forks

Enforce E2EE for all users or groups #567

Open PocketFR opened 1 year ago

PocketFR commented 1 year ago

Current Status

Enabling end-to-end encryption significantly improves password security, including for shared passwords that are encrypted on the server, because it makes it mandatory to log in before retrieving passwords using the API. This way, leaking an application password or stealing a browser profile no longer allows access to passwords.

Feature Description

It would be interesting to have an administration option that makes end-to-end encryption mandatory for the entire server or for groups of users, as the Two-Factor TOTP Provider application currently does.

When a user belonging to a group that has been forced to use end-to-end encryption launches the application, they should see the master password creation screen and not be able to use the application until they have set a password. Similarly, the use of the API should be blocked until the user has created a master password.

marius-wieschollek commented 10 months ago

You can kind of do this using the feature management and enabling the first run wizard. That will guide every user through the E2EE process, but it can still be skipped.

I will currently not add a toggle for this because I want to add some kind of passphrase recovery first, as users tend to always forget their encryption passphrase.