Keeping Duo 2FA within Bitwarden

Silly question… since Bitwarden has excellent 2 factor authentication through Duo App, at first I kept my Duo credentials within the Bitwarden database.

My thinking…

In the highly unlikely chance someone gains access to my Bitwarden database, I’d simply change passwords / encryption key and lock them out again.

Then I realized that with their access to my Duo credentials they could login to my online vault and change the password to lock me out.

A bit on the paranoid side given the threat matrix I face, but it’s not trivial given the stakes.

I’m wondering what other users think about this and whether that one critical Duo 2FA credential should be stored elsewhere.

Any advice greatly appreciated.