I have a somewhat unpopular take on this. If the service supports hardware tokens, I will use it, any only it, as my 2FA method. However, if the service doesn’t support hardware keys I scan and store the TOTP code in 1Password alongside the password of the service. I realize this will cause some eyerolls because it’s not real 2FA, BUT the 1Password login is protected with a hardware key and it’s extremely convenient.
I played around using TOTP with Yubico Authenticator in the past, but it turns out you can fit only so many TOTP codes into a single Yubikey (something like 20-30?) This is a showstopper for me since I have hundreds of accounts with TOTP enabled.
I have a somewhat unpopular take on this. If the service supports hardware tokens, I will use it, any only it, as my 2FA method. However, if the service doesn’t support hardware keys I scan and store the TOTP code in 1Password alongside the password of the service. I realize this will cause some eyerolls because it’s not real 2FA, BUT the 1Password login is protected with a hardware key and it’s extremely convenient.
I played around using TOTP with Yubico Authenticator in the past, but it turns out you can fit only so many TOTP codes into a single Yubikey (something like 20-30?) This is a showstopper for me since I have hundreds of accounts with TOTP enabled.