I use a mix of Keychain and MacPass (keepass compatible). I will add something to MacPass, then sign in with it and let Keychain remember it. Notes however:
1. I do not use the MFA capability of Keychain at all. Putting your MFA, username and password in the same store is fucking stupid. I have a hardware TOTP token. Backup codes for that are however kept in Keepass.
2. I keep an offline backup of everything. Never trust a cloud backup!
3. All vendors are ephemeral, regardless of their size. Everything I have I have a carefully planned exit plan for.
As other people have pointed out, your keychain is on disk, but if you lose the Mac and find out your MFA codes don't work or something (this does happen) then you're SOL. Keep a backup.
1. I do not use the MFA capability of Keychain at all. Putting your MFA, username and password in the same store is fucking stupid. I have a hardware TOTP token. Backup codes for that are however kept in Keepass.
2. I keep an offline backup of everything. Never trust a cloud backup!
3. All vendors are ephemeral, regardless of their size. Everything I have I have a carefully planned exit plan for.
As other people have pointed out, your keychain is on disk, but if you lose the Mac and find out your MFA codes don't work or something (this does happen) then you're SOL. Keep a backup.