It depends on your risk profile, but yes, it's less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.
If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.
With the risk of getting locked out if all your devices get logged out of Bitwarden! 🙈
To clarify, you'd want to enable 2fa for Bitwarden and store the token for that in a different authenticator app - that way you can still log in to Bitwarden without already needing to be logged in
Why not? If you enable 2fa, chance that you'll save the recovery/emergency code in your password manager anyway (I don't think people would really write them down on a piece of paper and put them in their safe). Why use a separate authenticator app if your password manager can handle it all?
chance that you'll save the recovery/emergency code in your password manager
You're absolutely right about this and I need to find a solution.
Why use a separate authenticator app if your password manager can handle it all?
What if you get logged out from Bitwarden on all the devices? How can you get back in Bitwarden if you have 2FA enabled on that service? (And I hope that you do!)
Believe it or not, I save my bitwarden 2FA on bitwarden too! I also save it on google authenticator, so I have it on two places. The reason I save it on bitwarden is to prevent losing access to the token if I lost my phone, because bitwarden allow you to unlock the vault without OPT on a know device/computer (it only ask for OTP when you login from a new device). So as long as I have one device with bitwarden, I should still be able to unlock the vault and re-login on a new phone using 2FA token from bitwarden on the other device. If I lost all my devices, then I'll have to dig the recovery code I hid and encrypted somewhere on my google account and my primary desktop, which is quite a pain so I hope I don't need to do this.
Beware that for important bug/problem/I don't know, you could be logged out from all your devices for security reason and in that case you can login only with 2FA even on devices where you were already logged in.
Keep in mind that Aegis can create encrypted backups, but you'll have to upload them somewhere and I understand that with Bitwarden is easier.