[seppin]

> (I don't think it is.)

If your master password is someone exposed, then nothing really protects you.

[matwood]

This is not true. 1Password could have a breach which exposes your master password. A hacker would then have access to your passwords, but not your 2fa. Even if you do not keep these items physically separated like a hardware token, it makes complete sense to have them be in different applications. For example, passwords in 1Password and tokens stored in Authy.

[dev_dull]

Wouldn’t an 2fa device (such as an otp token) actually protect you in this case? They have your password but not your otp generator.

[seppin]

Yes but to have your MP they'd most likely have rooted your device, they could surely do the same to your mobile.

If they could do one, they can do the other. Just a matter of efforts I guess