I agree, and when I first read the headline, my reaction was "Well, I guess it's time to start researching different password managers, because I obviously can't use Bitwarden anymore."
However, despite what the headline says, this 2FA does not appear to be mandatory.
Under the heading: "Who is excluded from this account email-based new device verification?"
> Users who opt-out from their account settings, to which an option will be added, are excluded.
To clarify, this was new information added to the release within the past hour or so, which seems like the company responding to criticism. The original article gave no indication 2FA was anything but mandatory.
Thank you. The title should be changed, really. Following an ancient HN custom I've chosen to get annoyed before reading the article, and the title simply isn't true. In fact, it's exactly what GP suggested, which is a perfectly nice way to implement that. (Unless, of course, one day they get rid of that option as well...)
The title was changed, but it's worth pointing out that they updated the article AFTER criticisms in this thread were already made (the original policy did not say you could opt-out):
However, despite what the headline says, this 2FA does not appear to be mandatory.
Under the heading: "Who is excluded from this account email-based new device verification?"
> Users who opt-out from their account settings, to which an option will be added, are excluded.