This is basically what I asked for in “Feature request” in Additional encryption for items protected by Master Password Reprompt - #3 by mmja
Basically meaning, that all TOTP and Passkeys would be further encrypted (not just “protected”) by password…which be default could simply be Bitwarden password(+nonce stored there) but user could select other password(s) to further protect these vital components against compromise. And ofcourse anything else user sees fit, like credit card info etc.