[vinckr]

>The 2FA and hardware keys are bypassed in this case. It’s all your master password.

Not sure I follow. When my master password is breached, attackers would still need to have my hardware key (which I obviously don't keep in the cloud), right?

[gchamonlive]

In case of a password breach, yes, but the comment you are responding to refers to a data breach, where somehow the attacker dumps raw database data, which is still encrypted but only by your master password, afaik.