Hacker News

The moment you put TOTP in Bitwarden it is no longer a 'second factor'. Pretty bad security advice to be honest. Better to use hardware tokens or a secure phone (with enclave) instead (never SMS though).


In most cases a true second factor isn't really what any involved party cares about.

My bank (I mean, they use SMS, but pretend they use TOTP) just cares about not having to spend money on support because I used "password1!" as my password for every account and lost all my money.

I just want to log in to my bank.

If I've got a long, random, unique, securely-stored password, I don't actually care about having a second factor, I'm just enabling TOTP so that I don't have to copy/paste codes from my email or phone.


> If I've got a long, random, unique, securely-stored password, I don't actually care about having a second factor

I'm not comfortable with my entire online identity being protected by a single line of defence which is a company that I'm paying a few dollars a month to. Not having to type 6 digits off a phone is a pretty minor convenience for me.


Do you then avoid syncing any passwords to your phone to avoid having your two factors in the same place? (And similarly, avoid syncing SMS to any devices where you do have passwords.)


I think it’s mostly nice for places that require TOTP but don’t actually rate carrying around/plugging in a yubikey for.

