Usually a lurker.
Maybe I should’ve just shut up and thought for a bit longer before writing that comment…

If you want to talk to me elsewhere, you know how to reach me.

  • 0 Posts
Joined 1Y ago
Cake day: Jul 01, 2023


The FAQ answers the question of getting locked out:

TLDR: You are fucked if you lost the recovery codes.
Best case: You do encrypted backups every once in a while

You lost an arm. Remember to use the \ to escape the markdown ;)

I don’t know much about smart cards and the whole hardware-based authentication thing beyond knowing they exist at all, so please take my questions for what they are.

I was thinking the encryption on those cards is done with a private key and a writer/reader by the manufacturer (like HID). So if the NSA busts down the door and demands the key, you could technically decrypt it.
So if you generate your own private key, that vector is obviously mitigated, assuming they are providing the tool with a non-reversible hashing process or a guide on how to generate the key so it wouldn’t aid in the brute-force decryption.

Thank you for the info :)

I also use Firefox on Android with a fairly recent stock ROM phone. At best the whole process to pasting my password into the webform takes 5 seconds.
If the vault is still within unlock period the auto-fill takes even less time (assuming the authentication URL regex is correct. It’s a bit annoying with subdomains)

Hypothetically, couldn’t an attacker clone the smart card and retry on the copies?
I would believe a salted and hashed zero-knowledge password vault is more secure than a US company which could be forced to surrender private keys used for the encryption.

I feel like password managers are more targeted at companies, where sharing and controlling login data shouldn’t be logged in some table in an Excel sheet.
It just so happens that a manager is also god damn convenient for the private individual

And best case on an actual separate device.
And if the company doesn’t supply one, use your own at your own discretion /shrug

At least reputable companies do 3rd-party audits, and I have yet to hear about Bitwarden getting pwned.
One of the only possibilities is them and their infrastructure getting ransomed

How is it more inconvenient and slower?
The only reason should be that it needs to decrypt the vault upon login which (depending on the iterators of the encryption and the processing speed of the system) can take a second more. Until then it’s equal to a native integration.
Upside: You are not locked to a browser anymore as (at least Bitwarden) is agnostic.