by subb 1244 days ago
I did a round trip to the password security rabbit hole since the LastPass incident and my conclusion is there's virtually no way to have something truly safe - you can have a lot of layers to protect your accounts, but there's always a weak spot somewhere. Plus the more layers you add, the harder it is for you to use...

Sure you can have a yubikey for your 2FA, but then you need a backup in case you lose it or break it, and you need to store that backup somewhere (physically or virtually), and you need to trust / secure that location, or encrypt the data, but then you need another secret to decrypt it, and you need a backup of that too, and so on.

I don't see any way to break that Russian Doll effect. Any suggestions?

2 comments

There has to be a point where the data is secured by a password, and you will need to keep that password safe both in your head and in a secure location. In your case this would be your password to your backup file.

Pick a good password for the backup and recall it every morning and at random points in the day; the intent is to make you remember it even under stress. Also have it printed out or written somewhere in a place that no one will notice/find - say as a scribbling in your sketchbook or printed at the bottom of a document in your file folder. If you're creative you can even hide it on a sticker inside an object or so forth. No one will know that the string there actually is your password, and if you want you can split it among different pages/etc.
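The "split it among different pages" idea from the comment above can be done so that no single page leaks anything about the password: this is an added example (not code from the commenter), using n-of-n XOR secret splitting from the Python standard library. All n shares are needed to rebuild the secret; any n-1 of them are indistinguishable from random bytes. The base32 encoding and the sample passphrase are assumptions chosen here because base32 is case-insensitive and easy to copy by hand.

```python
import base64
import secrets


def split_secret(secret: bytes, n: int) -> list[bytes]:
    """Split `secret` into n shares that must ALL be combined to recover it.

    The first n-1 shares are uniformly random; the last is the XOR of the
    secret with all of them. Any subset of fewer than n shares is therefore
    statistically independent of the secret.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = bytes(secret)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR every share together; yields the secret only if all n are present."""
    if not shares:
        raise ValueError("no shares given")
    length = len(shares[0])
    if any(len(s) != length for s in shares):
        raise ValueError("shares must all have the same length")
    out = bytes(length)
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


def encode_share(share: bytes) -> str:
    """Base32 text suitable for writing on paper (assumption: base32 chosen here)."""
    return base64.b32encode(share).decode("ascii")


def decode_share(text: str) -> bytes:
    """Inverse of encode_share; tolerates lowercase and surrounding whitespace."""
    return base64.b32decode(text.strip().upper())


def round_trip(passphrase: str, n: int) -> tuple[list[str], str]:
    """Split a passphrase into n paper-ready shares and rebuild it from them."""
    shares = split_secret(passphrase.encode("utf-8"), n)
    written = [encode_share(s) for s in shares]
    rebuilt = combine_shares([decode_share(w) for w in written]).decode("utf-8")
    return written, rebuilt


if __name__ == "__main__":
    # Constructed sample passphrase, not a real credential.
    pages, back = round_trip("correct horse battery staple", 3)
    for i, page in enumerate(pages, 1):
        print(f"page {i}: {page}")
    print("recovered:", back)
```

Note the trade-off the thread is circling: every share is now a thing you must not lose, since losing any one of them loses the passphrase. That is the same "backup of the backup" problem, just with a better confidentiality property for each individual hiding place.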

A backup second factor is not very likely to be useful to an opportunist. Is there a reason to not just store it at home, perhaps in a fire resistant safe?
Mmm maybe. A bit annoying to back up regularly, but maybe doing a hybrid approach like others have suggested here could help reduce the backup frequency/annoyance, i.e. duplicated two-factor key for important accounts, and the rest is stored in a password manager.

Now if only banks would implement proper two-factor...