[Larrikin]

1password works just fine with OTP across all my devices.

Using an authentication method tied directly to and dependent on my phone seems extremely risky and short sighted. A phone can be lost, fall out your pocket into a toilet, etc and those are just accidents. They also basically have a max life time of five years. What happens when you buy a new phone?

[bmitc]

Well yea, but many big players do that: Google Authenticator, Microsoft Authenticator, Duo, Okta, etc.

You use 1Password as your authenticator as well? Doesn't that make it not multi-factor if it contains both your password and authentication?

[pseudalopex]

The 1Password database is something you have. You unlock 1Password with something you know or something you are.

[bmitc]

Does that answer the question? If you have a password and key for 1Password, and keep both your passwords and authentications for accounts behind that password and key, doesn't that defeat multi-factor authentication? Because if the person has access to your account password within 1Password, then they also have access to your account authentication within 1Password.

[pseudalopex]

Factor means something you have, something you know, or something you are. 2 are needed to access 1Password.

Storing everything in 1 app makes the app a single point of failure. Storing everything on 1 device makes the device a single point of failure. Single point of failure and single factor authentication are different.