I had to create a temp account with them to test this real quick because it’s been a long while now since I used them (Bitwarden for the win). The answer to your question is, yes, you do have to sign in and generate the OTPs. It would be horrible if they required you to sign in real-time with the master password to generate the OTP in whatever untrusted/unsavory place you want to use a OTP. Their method of implementation of this workflow seems the most logical to follow to allow this feature. I took the liberty of following through a workflow for you below.
Once signed in, hidden within the menus of LP – “More options” (1) > “Advanced” (2). – there is an option called “one-time passwords” (3). (figure 1)
After you make it through the rollercoaster of links, you’ll land on a php page that you can generate, delete, and print your OTPs (figure 2).
Each time you generate a OTP, you’re prompted to put in your master password, which makes total sense. Same process for clearing OTPs. Printing, though, just pulls up the browser’s native print function with a basic render of the otp.php page.
So let’s fast-forward to being in some untrusted/unsavory place like an airport, coffee shop, or anywhere you want to use a OTP. On LPs login page, there’s a link to login using a OTP. (figure 3)
You’ll be presented with a different login page with the proper form requirements for OTP access. (figure 4)
I did this and it took me to my account just as if I had logged in normally.
Going back to the OTP menu, now there are 2 vs 3 OTPs for use, as expected. (figure 5)
LP calls these OTPs, but they’re pretty much like backup passwords from other services. I know Google and many other companies use these, and they have their own way of logging in and cycling through these.
Typically, you get 10 prefabricated OTPs/backups you might receive with another service online, so I created 12 OTPs to test the waters slightly to see if you could likely go beyond the typical limit. I presume you can go as many as you like up to some coded ceiling. (figure 6)
I like the ability to generate as many OTPs/backup passwords as I need because some of the services out there that you either have them right at sign up or whether you you opt-in to get OTP/backups, either way, you get 10, period.
Bitwarden obviously has a 10-fold better website layout so the implementation wouldn’t be as ghastly as LPs, surely. I can see it being an option under say the “Tools” or “Settings” menus. Once the OTPs/backup passwords are generated, then how/when you use them is up to you, but you have the comfort of knowing that you can use a OTP/backup password whenever you need.
While I agree with the thought process and perspective @OpSec had in the intial reply, we can only face the reality that not everyone will, can, wants to, or knows how to use a VPN or a U2F. People are people, yes, and we need to keep flexibility open.
I hope this information helps. I’ll leave my test account open for a few days in case you have any other testing you’d like me to perform.