
Aegis, Bitwarden Authenticator, FreeOTP, and now Ente Auth. These are the best ones.


+1. I just host my Vaultwarden server, and then I have all my 2FA secrets in my vault as well. Works very conveniently with autofill enabled by default for OTP codes.

I just have a strong vault password for my vault, and that should be more than enough, I guess.


I use Bitwarden for passwords, so... I don't really like having 2FA there too that much... It loses the purpose of the 2FA.


Bitwarden has a separate 2FA app so your TOTP codes aren't in the same password vault (though you can do that, but shouldn't).


Why shouldn't you?

I use a YubiKey as the 2FA for my Bitwarden, then store all the TOTP codes with the passwords in the same vault. Quite convenient, and also adheres to the principles of MFA.


If your one Bitwarden store were compromised in any way, it is game over since it also contains the 2FA codes.

If you were to use two apps / two stores, there is another hurdle.


That is exactly why I do it.


Not really? Even in the same basket, having TOTP and passwords on iCloud mitigates a lot of scenarios, such as leaked passwords.

Depending on your threat model, this solution is ok — way better than no 2FA at all or SMS.

1Password has a nice article regarding this point: https://blog.1password.com/1password-2fa-passwords-codes-tog...


Add 2FAS to that.



