Forget your existing cloud. Your 2FA backup doesn’t need to be protected by 2FA; just encryption and a strong/unique passphrase. Your 2FA backup can’t be used to access any account on its own, without each password. Most OSS E2EE services allow you to create a free account; many without an email. Pick 2 for redundancy, create a new account, and set a NEW passphrase (like your 2nd “master” password). Before you transit upload your OTP backup to both of them.
This approach is probably more secure than SMS to access 2FA, especially from a closed source provider like Authy. If you’re already using a password manager and unique passwords for everything, you’re already 95% more secure than everyone else, and removed the primary need for 2FA (password reuse and theft). If you’re doing everything else right, 2FA only makes you 5-10% more secure, and covers you for less-likely threats. Sys admins have been raw dogging SSH and PGP keys every day without a 2nd factor, for decades.
Forget your existing cloud. Your 2FA backup doesn’t need to be protected by 2FA; just encryption and a strong/unique passphrase. Your 2FA backup can’t be used to access any account on its own, without each password. Most OSS E2EE services allow you to create a free account; many without an email. Pick 2 for redundancy, create a new account, and set a NEW passphrase (like your 2nd “master” password). Before you transit upload your OTP backup to both of them.
This approach is probably more secure than SMS to access 2FA, especially from a closed source provider like Authy. If you’re already using a password manager and unique passwords for everything, you’re already 95% more secure than everyone else, and removed the primary need for 2FA (password reuse and theft). If you’re doing everything else right, 2FA only makes you 5-10% more secure, and covers you for less-likely threats. Sys admins have been raw dogging SSH and PGP keys every day without a 2nd factor, for decades.