[latchkey]

> not sure how I feel about passwords and totp being in the same app

I felt the same way and I've come to realize that it is not a big deal. One advantage is that with a shared password manager account, you can also share the TOTP along with it. Very convenient for a bunch of usecases.

[gukov]

Is it really multifactor then, with everything in Bitwarden?

[latchkey]

The way I see it, your password manager becomes the central point of failure. Therefore, secure your password manager with a hardware security key (yubi). Not all accounts stored in a password manager are created equal... some need more security than others. If there are accounts that you want additional 2FA security on, just use a separate TOTP app. It doesn't have to be an all or none option.

[therealmarv]

The second factor is not meant or designed to safe you against a compromised PC or phone (your session or cookies could be probably more easily stolen even when second factor on another device). Many people have passwords and totp on the same phone too. The second factor is more meant to verify that you are really you to a web site and safeguard your account on that web site.