Hacker News

I encourage you, as an exercise at least, to think about what you'll do when it doesn't work.

You're sure this is the right web site. But Bitwarden won't fill out the code. What could be wrong? Did the idiots who make this web site change the URL?

Now, maybe you're a far above average user and you would calmly determine the exact cause, assuming at every step that the most likely explanation is you're being phished. Hopefully that's more likely now that you've done this exercise. I would love to believe I'm in this category.

But most users will just be frustrated: why wasn't it filled out? Is there a way to get the code from Bitwarden anyway? There is, it's a bit fiddly but you can do it. Lots of users are going to do that. They might even help each other to give their credentials to the bad guys, community spirit.

Hopefully some of those users pause because this is unusual and a few of them will realise in that moment that they're being phished. But experiments suggest most won't.




I did consider this, and I would also like to believe that my first thought would be "I am being phished" rather than "I'm sure this is the right web site." I do understand that many users (including myself on a bad day) might not recognize a phishing situation. But at least there is a layer of defense that SMS doesn't have.

Maybe the Bitwarden extension should warn users when they try to copy/view a TOTP code by searching for a login rather than using a matched entry.

U2F is my preferred method of MFA, but many services don't support it, and there can be practical issues even for the ones that do. For example, some services support U2F in a browser but not in mobile apps.





