@Fadi Try using Bitwarden offline, to see its impact. That's the fundamental difference between Enpass as offline, and Bitwarden as online password managers.

There are 2FA setups, such as AuthLite, that work offline but, they're designed around connecting to a business domain, not one piece of software on a computer. 

As mentioned, with Bitwarden's desktop software, if a computer is kept offline and the local vault locked, even with 2FA enabled, offline access only requires the password. However, if you log out of that vault, it can now only be unlocked, online, which means the physical vault on your computer, needs access to Bitwarden's servers, for the required authentication. I.e. if Bitwarden's servers are down, you won't be able to get to your passwords. 

I don't speak for Enpass, but for it to remain a truly offline solution, everything, including additional security layers, must also be offline, otherwise, the end user is no longer in total control of their own password vault. 

A simple example of that is adding and editing vault entries offline, a task that is second nature to Enpass, Bitwarden's desktop software, offline, is purely a viewer, they're still working on offline editing.

There is no right or wrong approach, it's a matter of what works for you, but it's important to understand the pros and cons of both approaches. 

@Thoughts? The only question I have is how do we make it more secure from unknown access. Storing a security key file in an encrypted vault requires unlocking the vault before accessing the file and unlocking Enpass. Once the volume is unlocked, it becomes vulnerable to RAT attacks and enpass may be subject to key logging. Therefore, it is crucial to find a more robust encryption solution that ensures no unauthorized access to the database. Enpass must be able to access both the database and the security key files simultaneously for maximum security. Storing these files in separate Cryptomator vaults will not suffice as neither vault will function unless both are unlocked. Furthermore, once both vaults are unlocked, anyone could potentially gain access to them, compromising the security of both files. Enpass is maybe not crackable, but it is hackable with much easier tricks than the other password managers.