I memorize the seed and calculate the next token in my head.

Passwords in KeePass, totp in Aegis.
My phone does have both, but they each have their own encryption.

I throw them all in Bitwarden which is protected with a long, unique password and a yubikey.

Hardware keys for everything. Bitwarden for the rest.

Aegis with the password in a YubiKey.

My password manager and I don’t know the password.

Depends on what is secure enough to you. For me that is secure enough but I know a ton of people out there who would say it’s not secure enough for them. So in the end it’s up to you. Think about the risks and make a decision.

Honestly a big debate, so it really depends on your threat model. Lots of people even keep their totp seeds within their password manager which basically defeats 2fa imo, but it’s highly convenient. Personally I keep my totp seeds seperated in a sandboxed user profile.

I might keep the in Bitwarden, then secured with hardware key.

deleted

Yuibkey authenticator app looks good. All tokens are in the hardkey.

deleted by creator

Well, the whole point of otp tokens/2fa, is to have a second login confirmation. Mostly on another device, like a phone.

Now maybe if you store your 2fa way on the same device, but locked away with a strong password, it may work, and could be safe enough.

But if it’s the same password as your device or another account, it isn’t that safe.