[robbintt]

It is still 2 factor, breaching the password manager is a corner case that you can decide to cover or not. It seems like for critical accounts you should NOT. For derived accounts, it should be better than just a password.

[lxgr]

Only very marginally so. Or what would you say storing a (unique, long) password next to a TOTP hash actually achieves?

[sceutre]

Well the totp (even in your passwd manager) defends against phishing I'd thought vs password alone.

[lxgr]

For a "service based" password manager, sure. (It can prevent the service from ever handing over your encrypted database to an attacker.)

In a local password manager, it doesn't work like that. A challenge-response mechanism can help there, but the cost/benefit analysis looks pretty different there, IMO.