+1 I just host my Vaultwarden server and then, I have all my 2FA secrets in my vault as well. Works very conveniently with autofill enabled by default for OTP codes.

I just have a strong vault password for my vault and that should be more than enough I guess