I was surprised when I saw haveibeenpwned recommending I store my multi-factor auth tokens in 1Password, and I'm curious for the rationale behind why that would be a good idea. Isn't MFA meant to be "a thing you know" and a "thing you have"? If someone gained access to my 1Password account, they'd be able to get in to all my services because they'd have both the passwords and the "proof" that they "have" my device (via those tokens).
Is the reasoning that in order to get into a 1Password account you need to "know" the password and "have" the security key? If so, why would 1Password offer 2FA to login to it?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Why is it a good idea to store 2FA tokens in 1Password?