Thanks for your reply. I mostly agree with you.
Currently, the security protocol when you tick "Require Password Reprompt"
is the following:
MP -> Vault Unlocked -> MP -> Password unlocked -> twice the same security approach
My proposal would be to add an option e.g. "Require 2AF Reprompt"
(only available if 2AF is activated) and you would get the following situation
MP -> Vault Unlocked -> 2AF -> Password unlocked -> two strong and different security approaches
It should not be a standard
and remain like today. But there are some passwords/notes which need the extra-layer of security (e.g. access keys to servers, online banking, ...)