Storing MFA Setup Codes?

Given the number of recent articles citing direct attacks against password managers as the hacker pot at the end of the rainbow (metaphorically speaking) I'm beginning to question the wisdom of storing account MFA within the vault record itself.

It's one thing if a hacker obtains a single OTP, but it's completely another problem if the hacker has access to the stored setup code where they can simply duplicate the MFA.

In other words, how is 1Password protecting MFA setup codes in memory in the case of a compromised workstation?

Example: Are these codes encrypted in memory, since I can see them when I Edit a record?

What is the security architecture of these highly sensitive values (arguably more sensitive than the password itself) in the vault, while in memory, etc.?

Similar questions about the storage of Passkeys.

Thanks!

browser extension

discussion

Forum Discussion

Storing MFA Setup Codes?

Recent Discussions

Before I submit this as a bug…. User name prefilled when creating a new login.

How Do I "Actually" Stop Auto Login? Not "stop" it, but actually, really, no-kidding stop it?

How Safe From Hackers is 1Pass?

Question about updating from 1Password 4 > 8

Memorable passwords in other languages on the website