1Password now has a 2FA module. Essentially, it scans the QR code provided by a service and, on top of storing the username/password pair for your logins, it can also store the relevant 2FA information and generate the codes from it.

That makes the risk the same as “if someone got your phone and broke through your biometrics”, except that instead of using 1Password and a set of TOTP apps, you use one app.

That said, there are problems with the QR codes themselves; see https://medium.com/crypto-punks/why-you-shouldnt-scan-two-factor-authentication-qr-codes-e2a44876a524.

A potentially viable alternative is passwordless login: when you want to log in, you give the service your email address, and they mail you a one-use token that’s good for half an hour. The downside is that if your email service is offline, you can’t log in.

I’m also about to move away from Authy, as much as I can, due to them needing my phone number for accounts, and as we’ve seen with Facebook recently, phone numbers are used to connect accounts between services and advertising.

It would be interesting to set up accounts using your public key and whenever you need to log in, you’d present your private key, much like SSH connections.
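The e-mailed one-use token login described above can be sketched from the service's side. This is an added example, not part of the original post. The class name `MagicLinkStore`, the in-memory dictionary and the sample address are assumptions for illustration. It shows the three properties that matter: the token is random, it expires after half an hour, and it can be redeemed only once.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 60  # seconds; the "good for half an hour" window


class MagicLinkStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self):
        self._pending = {}  # email -> (sha256(token), expires_at)

    def issue(self, email, now=None):
        """Create the token to e-mail; a new request replaces any older one."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Only the hash is stored, so a leaked table cannot be replayed as logins.
        self._pending[email] = (digest, now + TOKEN_TTL)
        return token

    def redeem(self, email, token, now=None):
        """Return True exactly once for a matching, unexpired token."""
        now = time.time() if now is None else now
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at = entry
        candidate = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(digest, candidate):
            return False
        # A matching token is consumed even if expired, so it is single use.
        del self._pending[email]
        return now <= expires_at


if __name__ == "__main__":
    store = MagicLinkStore()
    tok = store.issue("alice@example.com", now=0)  # constructed sample address
    print(store.redeem("alice@example.com", tok, now=60))  # first use
    print(store.redeem("alice@example.com", tok, now=61))  # replay attempt
```
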