[zhfliz]

how?

standard TOTP MFA (which is what most password managers would offer in terms of MFA) uses a shared secret, which you would just dump from the same database you get the dumped passwords from.

unless you use asymmetric crypto e.g. in webauthn this doesn't benefit you at all.

[tuetuopay]

Except that the seed for the TOTP is unique to each website, because the website generates it, as opposed to an user-supplied password that might get reused across website. The impact is limited to the already compromised website, which is pretty darn good.