
A password manager itself should be protected with 2FA already. Especially in terms of 1Password since you mentioned it, you need to have both master password and private key to decrypt a vault. It is a pretty strong 2FA as long as you know how to protect the private key.

Granted that if you put your TOTP seed somewhere else outside the password manager, you technically achieved "3FA" (1Password master password + 1Password private key + TOTP token) and it is more secure. But I don't think putting TOTP seed and password together in the same password manager weakens 2FA?

To log in to a website:

- Without a password manager, your 2 factors are account password + account TOTP.

- With 1Password, your 2 factors are 1Password master password + 1Password private key.


