Definitely not where you store your passwords! In my case, since I don't store my passwords on my phone, I have my TOTP app there, and then for backup, I print the QR codes when I set up TOTP and secure them in the physical world. Restoring my 2FA setup to a new phone is easy: I just scan through the stack of paper!