Only partially, there have been various exploits of facial and fingerprint recognition over the years, or if they manage to steal the device in the window, where you have unlocked the apps and they haven’t relocked - there is usually a small window, for convenience, where they remain unlocked, so you don’t have to constantly re-open them, if you are swapping back and forth.
With some of the authenticator apps, which require FaceID or fingerprints, that is a half-way mitigation, but still not 100%. For normal use (device is clean and in your possesion), it is safe and you have MFA. If the device is hacked or stolen, you basically have to consider the MFA bypassed and get the authentication tokens re-issued immediately, the same with changing all your passwords.
It comes back to the same old convenience versus security, you trade off some extra security for the convenience - not having to fish a second device out of your pocket to hold against your phone / plug into your computer to get the MFA token. As long as the device is in your possession and not hacked, it is fine. For the case the phone is hacked or stolen, they theoretically have your passwords and your tokens, so you have to assume both are lost and react immediately to reset both passwords and tokens.
I used the phrase to make people think, but it is just a “worst case” situation.
Actually, I was saying that if you have both on the same device, it negates the MFA, in the event the device is stolen or compromised. I do use MFA for my password safe - I use a Yubikey.
Accessing the safe from the providers website is protected by MFA, once you have access to the encrypted blob and can copy it, you no longer need the MFA.
i.e. if you are trying to brute force your way into the someone’s cloud account, you need their MFA. If you have hacked the cloud of the password safe provider (a la LastPass), you already have the blob, so you don’t need to have the MFA token, you can just brute force for the master password on the blob in your possession.