Hi @treege
All you said is true that keeping the TOTP at the same place with passwords garbles the purpose of second factor authentication. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case.