Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.
The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.
Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.
Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.
The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.
Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.