355
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
(www.bleepingcomputer.com)
This is a most excellent place for technology news and articles.
It's still two separate passwords so I think it qualifies as 2 factors.
But yes the password manager has one gpg key which only has one passphrase used to decrypt the passwords saved in the password manager. So if that was compromised then so would all passwords