> To my knowledge it isn't possible to protect a file with a rotating key.
This is my point, it is an implementation detail of the password manager to integrate OTP or another second with decryption of the vault. Any password manager can implement this.
From the perspective of the user, you are stripping a factor for some arbitrary period of time. It's a broken implementation.
That is not correct. You can not have offline caching and otp enabled at the same time. That is why things like yubikey exist. If your are not using another 2fa method besides otp it's either the security risk or entering otp each time you access the vault.
Obviously the later is not feasible.
> You can not have offline caching and otp enabled at the same time.
I'm not sure why you are having such a hard time understanding this is an implementation detail of the password manager that can change at any time. You are treating this like it cannot be implemented differently. It absolutely can.
This is my point, it is an implementation detail of the password manager to integrate OTP or another second with decryption of the vault. Any password manager can implement this.
From the perspective of the user, you are stripping a factor for some arbitrary period of time. It's a broken implementation.