So if I understand correctly, based on the documentation, if someone has the master password and the login url, they can derive all passwords without any 2fa/verification? If so, that seems like a security flaw...
agree. from what understand, if 2 people happen to have the same master password, they would have the same passwords for ALL THEIR ACCOUNTS. pretty scary if you ask me