The purpose of 2FA is to secure your account in case your master password is stolen, leaked, accidentally disclosed, guessed, or otherwise compromised. New Device Login Protection attempts to provide similar protection, but is less effective (e.g., because an attacker could by-pass this protection by breaking into your email account, or by fooling Bitwarden’s customer support via social engineering).
Of the two protection methods (2FA or New Device Login Protection), it is easier for you to guard against the risk of account lockout when you have enabled 2FA, provided that you are properly prepared. Best practice is to create an Emergency Sheet that is securely stored (ideally more than one copy, with one stored outside the home — e.g., in a safety deposit box, or with a trusted family member) and accessed only when you need to recover from account lockout (e.g., lost/stolen devices, forgotten master password, etc.). On this emergency sheet, one piece of information that should be recorded is the Two-Step Login Recovery Code, which allows you to disable all configured 2FA methods. My full recommendations for what to record on your emergency sheet can be found in this post from a recent thread: