I only use 2FA if the service provides me with backup codes that I can put in my password safe, which has a unique, long password that is stored and backed up in several places.
If there is not a self-service recovery option for me losing my phone, I won't use it.
---
FWIW I keep a copy on my desktop and on my phone (KeePass) and sync them every few weeks. I try not to add new passwords to my phone copy in order to keep things simple, but KeePass can do diffs and merges.
"But if your safe is owned, then all your accounts are owned!" Yes, that's the balance I take. If someone is able to get my safe and use my bio auth on the phone OR otherwise crack it, I'm screwed.