[tracker1]

I use the same app for most 2fa and the passwords themselves (Bitwarden). It makes the 2FA slightly weaker being in the same app, but infinitely more useful. It does bug me that they (Bitwarden) as a service want me to use 2FA for first logins, which makes it harder to access. My master passphrase is long, unique and only on their app/site.

[sam_lowry_]

Master password that you share with a third party?

I probably do not understand how Bitwarden works, but this feels wrong anyway.

[tracker1]

If trust issues and paranoia are sufficient, you can definitely self-host the server portion of the application, and many do. ;-)

Bitwarden is open-source enough to where all functionality can be self-hosted and run on one's own and reviewed. IIRC, there are a couple of non-floss modules for the commercial release in different directories under source control iirc... Some are more purist than others.