Why
Discussion
If they crack your password manager you're dead. No single points of failure 👀
No one is going to be able to do that. It helps to not use something terrible like lastpass or dashlane.
However, put the most important 2FA in a separate app. Leave the Netflix/Amazon 2FA in the password manager.
Be aware: likely the most important 2FA are those for your email accounts. All your email accounts.
If my login information is breached, I'm protected by my 2FA codes.
If my 2FA codes are breached, my login information are still safe.
2FA is meant to provide extra security. This is pointless if your login info and 2FA info are in the same place.
True if your password manager has a terrible security model, but not so if secured itself by multiple keys that never see exposure to the internet.
Check this out. I haven't come across another password manager with a security model like this: https://1passwordstatic.com/files/security/1password-white-paper.pdf
I love 1Password and have been using them for a few years now. I would recommend them wholeheartedly.
I also recommend Bitwarden as a secondary service.
I need to look into Bitwarden's security model more, but I'd probably only feel comfortable running it locally unless they have a comparable design to 1Password. Aside from their security principles, the other thing i really love about 1Password is how multiplatform they are. Wonderful apps for Windows, Mac, and Linux, and they have a cli and SSH agent i use in Linux.