A 2fa device, perhaps? Access to Bitwarden requires 2fa, and confers on the device I logged into the ability to 2fa for other purposes. I don't leave Bitwarden unlocked for more than a few seconds, so the two factors are "having a device on which I've logged into Bitwarden already" and either "being able to satisfy a biometric sensor" or "knowing my passphrase".
I do also have the ability to bootstrap Bitwarden access on a new device without an existing device -- the two factors then being "knowing my passphrase" and "having my security key".
I do also have the ability to bootstrap Bitwarden access on a new device without an existing device -- the two factors then being "knowing my passphrase" and "having my security key".