If proprietary app is better and more robust I am willing to try it and assess it myself.
Bitwarden and it’s fully cross-platform. I like that it auto copies the 2FA pin to clipboard after filling in login - cuts out extra clicks and copy movements.
Vaultwarden is also a great and simple to self-host backend written in Go that runs in Docker.
Kinda makes two factor authentication useless as they are both stored in the same place.
I think it is more about passwords being accessible after hacks etc. What you are referring to, is if Bitwarden were to be hacked, both are accessible. Online Bitwarden has securely hashed all the data, so that is pretty useless if anyone gets it. On my devices I use biometric login, and on desktop a Yubiky as 2FA into Bitwarden. I also have it set to request login every time the browser is restarted, just in case someone were to steal the session data from the browser.
But your point is very valid if a user were to have a weak password for their Bitwarden, or not to have a good 2FA for their Bitwarden login. You want to keep that basket of eggs as safe as you can.
“Authenticator key (TOTP) storage is available to all accounts. TOTP code generation requires premium or membership to a paid organization (families, teams, or enterprise).”
It’s $10/y and a steal for that excellent software. I pay it and self host it just to support them.