by FrenchDevRemote 1512 days ago
We've been told for decades to "not write passwords on Post-its" and we're really back to square one...

It's not a password, it is a secondary, single-use recovery second factor.

Carrying that around in a wallet doesn't make you any more vulnerable to physical attackers than carrying your Yubikey on a keyring, and it's much more secure against remote attacks than SMS-2FA (where you can fall victim to SIM swapping, number porting attacks, etc.).

Ideally the paper would be in a safety deposit box / safe and not stuck to your monitor.

If it fits your need to have it in a fixed location, then yes.

But he talked about traveling.

IDK about you but I don't travel with a safe in my backpack.

Just put it in your wallet and/or luggage. Without your account name and password, it's useless to any potential thief.

Lots of people's luggage includes enough info to work out their name and likely home location, which is commonly enough to work out their username for a lot of popular services.

That makes the whole "stolen luggage" thing even riskier. :/

But hopefully your luggage does not contain your Google account password.

Again, the recovery code is one factor.