Some good perspective for those of us thinking about key management
Discussion
note1y2nxa3qajcyawz95hj36wh2wa9cl9mk25trf22asa080qm45epvssqprvw
"2 TOTP codes are not stored in 1Password.
1Password’s own TOTP code
The TOTP code to my “account signup email” address"
Smart! Also like that he keeps 3 copies of these
"For maximum security, you can store your 2FA token elsewhere, like a YubiKey (see Yubico Authenticator) or Google Authenticator, and keep the recovery codes safe somewhere outside your computer ..."
I don't agree. I think that having 2 separate vaults for accounts and OTPs is a simple and effective strategy. The OTP vault can simply be the encrypted export of the OTP app, which you save in multiple places for redundancy and unlock only when you have to restore the vault. This approach mitigates several problems, including supply chain attacks, and you just need to manage two passwords/backups (which you have to have anyway if you manage the password manager/email OTP separately).
Of course, given the general lack of attention to this sort of thing, using a single password manager is often already an improvement and "good enough".
PS: The article is a bit of an ad for 1Password!