diff --git a/libs/angular/src/auth/components/lock.component.ts b/libs/angular/src/auth/components/lock.component.ts
index 9114539d7a..436bada36a 100644
--- a/libs/angular/src/auth/components/lock.component.ts
+++ b/libs/angular/src/auth/components/lock.component.ts
@@ -310,6 +310,9 @@ export class LockComponent implements OnInit, OnDestroy {
     const usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector();
     this.hideInput = usesKeyConnector && !this.pinLock;
 
+    // TODO: might have to duplicate/extend this check a bit - should it use new AcctDecryptionOptions?
+    // if the user has no MP hash via TDE and they get here without biometric / pin as well, they should logout as well.
+
     // Users with key connector and without biometric or pin has no MP to unlock using
     if (usesKeyConnector && !(this.biometricLock || this.pinLock)) {
       await this.vaultTimeoutService.logOut();
diff --git a/libs/angular/src/auth/components/login-with-device.component.ts b/libs/angular/src/auth/components/login-with-device.component.ts
index 7af5afeca7..5022be5a60 100644
--- a/libs/angular/src/auth/components/login-with-device.component.ts
+++ b/libs/angular/src/auth/components/login-with-device.component.ts
@@ -117,6 +117,13 @@ export class LoginWithDeviceComponent
 
   private async confirmResponse(requestId: string) {
     try {
+      // TODO for TDE: We are going to have to make changes here to support the new unlock flow as the user is already AuthN via SSO
+      // The existing flow currently works for unauthN users and authenticates them AND unlocks their vault.
+      // We only need the unlock portion of the logic to run.
+
+      // We need to make the approving device treats the MP hash as optional
+      // and make sure the server can handle that.
+
       const response = await this.apiService.getAuthResponse(
         requestId,
         this.passwordlessRequest.accessCode
@@ -126,6 +133,13 @@ export class LoginWithDeviceComponent
         return;
       }
 
+      // TODO for TDE:
+      // Add a check here to see if the user is already AuthN via SSO, then we
+      // have to figure out how to handle the unlock portion of the logic.
+      // Taken from PasswordlessLogInStrategy:
+      // await this.cryptoService.setKey(this.passwordlessCredentials.decKey);
+      // navigate to vault
+
       const credentials = await this.buildLoginCredentials(requestId, response);
       const loginResponse = await this.authService.logIn(credentials);