It depends on the use case, but generally speaking, yeah.
It's less secure than a dedicated device for storage of the 2FA secrets and code generation, sure, but I don't see how it's any less secure than using a service like Duo to manage and sync your secrets.
Furthermore, I'd argue it's substantially more secure than the recovery process for almost all of the services I use, most of which offer an option to reset by SMS.
Finally, keeping your 2FA secrets in your password manager is very likely not to change the attack surface for most people anyhow, as most people keep their recovery codes in their password managers as well.
Yes, if the attack vector you're trying to close is a compromised keyboard/network/terminal and not a stolen-while-unlocked device.
"Catching" one 2FA code doesn't let you compromise someone's account.
Losing (or having compromised) the hardware running your password manager while that password manager is unlocked is a totally different thing from logging into a web site once from a library computer.
> Yes, if the attack vector you're trying to close is a compromised keyboard/network/terminal and not a stolen-while-unlocked device.
however, not having the TOTP key in your password manager would also protect against malware on your machine running the password manager from gaining access to your account.
