How to protect your seed phrases for a hardware wallet or multisig.
I’ll start by saying, do what is right for you. This is written in a step by step manner that can be evolutionary. You don’t need to do all of these right away and you can certainly expand upon your solution over time. The other thing to keep in mind is that simplicity and complexity are both the enemies of security. Every step you take to make it harder for someone else, also makes it harder for you. Every step you don’t take, makes it easier for someone else.
Where To Store Bitcoin
Everyone is different and I’ll reiterate that you need to do what is right for you. This is how I broadly think of where to store coins:
Exchange: $0 because not your keys, not your coins.
Hot Wallet or Lightning Wallet: $1 to $1,000 or what most people think of as spending cash or your checking account.
Hardware wallet: $1,000 to $100,000 or what most people would consider a savings account.
Multisig: Anything over $100,000 or what most people think of as a retirement account.
The caveats to this is not everyone is sophisticated enough to hold their own keys. If that is you, leave your coins on the exchange. Bitcoin IOUs are still better than no Bitcoin exposure. Personally I wouldn’t leave much in a hot wallet because the keys are online. Some people want everything secured by a hardware wallet and I lean in that direction. Everyone transitions from hardware to multisig at different times? The reason I use $100,000 as a number is that is roughly getting into the cost to attack a hardware wallet so leaving millions of dollars on one is reckless. Others will point out that one bad mistake with a hardware wallet can make you lose everything which is true. Like the exchange point, do what is right for you.
Pound for pound, a simple hardware wallet is the best first step and maybe only step you need to take. I have tried multiple hardware wallets and they all come with their own unique trade offs. If you are buying your first one, find the one that is right for you. If you are going to do a multisig set up, buy from multiple vendors as opposed to three or five devices from your favorite vendor.
Ledger Nano S — $59: The Nano S is the most popular device on the market. It is affordable, easy to use, but the small storage size means you can only hold a few coins on it. The device has a secure element so your seed is protected from physical threats but the app and software is closed source so you have to trust Ledger.
Ledger Nano X — $119: The updated device builds off the older S model with added bluetooth functionality if you want to use it with a mobile app. It also has a lot more storage space so you can add more coins if you want to move away from only Bitcoin or the top few. The same trust model applies with the secure element and closed source software.
Trezor One — $59: This is the original hardware wallet that was created in 2013 and it still works well. It does not have a secure element so some technical knowledge and equipment is needed to extract the seed from physical attacks but that can be remedied with a passphrase. The device and and the software is completely open source which is why they do not use a secure element.
Trezor Model T — $179: The T has a beautiful touchscreen and microSD card slot. The touch screen makes it easier and safer to enter sensitive information on the device itself as opposed to the computer. The screen also makes it easier to see and verify contract information. The T has newer firmware with added support for additional coins if that is your thing. This device, like the One, is completely open source without a secure element.
Cold Card — $119: The cold card is a Bitcoin only device that will never add any other coins. This device was made for Bitcoiners and that will never change. It does not have wallet interface like Ledger or Trezor so you will need to have your own preferred wallet interface like Specter and your full node if you want to use the device. The device and software is 100%* open source with a secure element. (* below in Misc Info).
Keepkey — $49: Keepkey is a Trezor clone that uses the same codebase but made by the company behind the popular trading platform Shapeshift. At its normal price point, I would recommend getting another device but these are frequently on sale for $5. If you are hard pressed for cash and see it on sale, it is still a good device to start with but updates have been sparse given how much work has been done creating the Shapeshift platform and its new decentralized exchange.
Ledger: Ledger has suffered from two data breaches in 2020. The data exposed was millions of people on its mailing list as well as millions of names, addresses, and phone numbers from orders itself. While these issues have been addressed, you may want to order a device off of Amazon or use your work address with fake information.
Trezor: Trezor is a Bitcoin first company. While it supports other coins, it will continue to prioritize Bitcoin advancements over any new coins or coin features. It is also spending $50 million to help fund an open source secure element. Secure elements are traditionally closed source and under NDAs. The Trezor team for example has found vulnerabilities in the closed source code associated with several secure elements but under NDA and cannot talk about specifics of those attack vectors.
Cold Card: I use an asterisk on it being 100%* open source because the device uses a clever trade off. The seed is generated on the secure element but all of the transaction signing and operations of the device are on a general purpose chip. The secure element and that code is closed source but serves only one function. The rest of the device and the software is open source and uses Trezor’s cryptographic libraries.
Hardware Wallets For Multisig
For a multisig set up, you should use multiple devices from a variety of brands. Some features such as a passphrase are additive when it comes to security. Adding multiple devices becomes multiplicative to security as an attacker would need to compromise numerous things across brands as opposed to one thing across numerous devices from one brand.
Trezor Segwit Drama: In June of 2020, a security researcher found a possible attack vector on Trezor devices and submitted the bug report to patch the software. The drama was that this vulnerability wasn’t a bug specific to Trezor, it was an attack vector within Segwit itself and effected all Segwit addresses in Bitcoin. When Trezor firmware was updated, it prevented attacks on Trezor devices but it means the wallet was then incompatible with some Bitcoin software. So let’s say you updated the firmware on June 4th and wanted to use your Trezor to send a Bitcoin transaction, it worked fine. If you tried to use a Trezor with the updated firmware with a Bitcoin application such as Wasabi or BTCPayServer, it may or may not work anymore and you would have to use a Coldcard or something to move those now stuck coins. If you updated the firmware and on the 5th needed to make a multisig transaction, your Trezor would no longer be able to sign the transaction until the other devices in your set up issued software updates to address the Segwit vulnerability OR you would need to use the other signers that are not Trezor devices. This has only happened once in the history of Bitcoin so it’s definitely an edge case but something to consider.
One possible redundancy you can do is buy two of each device in your multisig set up. So rather than one Trezor, Coldcard, and a Ledger you buy two of each. When you set up the first Trezor with a new seed, you then set up the second Trezor with the same seed. One devices gets updated as you need to update it and the other device stays with the old firmware. This doubles your cost to set up but it would have prevented some issues for some people as they waited for the fix.
Ledger Blind Signs: The way Ledger is designed, it blind signs complex transactions. This is a common complaint during multisig use or even smart contract calls by certain coins. It works but the firmware doesn’t allow you to verify what action it is taking which is further hindered by its small screen. I should note that when you use Ledger for multisig, it will tell you to verify the data on the computer screen but that opens up the possibility that the information presented isn’t correct. The only true way to verify anything, is on the device itself.
Computation: Multisig requires a lot more computation as it is doing more than a 1 of 1 transaction. Depending on the number of UTXOs in that transaction, it could take a while to process so you may want to buy a hardware wallet with a better CPU. This means getting the Ledger Nano X over the S, Trezor Model T over the One, or the Coldcard Mk3 over the older generations.
Features By Locations: We’ll get into this much more later but you may want to have a device or devices that support PSBT (Partially Signed Bitcoin Transaction). This way you can sign a transaction offline with a laptop you bring into a bank vault and then broadcast it at home when you have an internet connection.
What You’ll Need
Now that you understand your devices, you’ll need to figure out how large you want your quorum to be in an m of n set up. Do you want a 2 of 3, 3 of 5, or something else all together? From there, you need to save:
m of n seed phrases (example: 2 of 3 although you should save all 3)
n of n xpubs from each seed phrase (example: 3 of 3)
derivation paths of each wallet
any passphrase you may decide to use
firmware version of each device
Each of things will need to be saved and can be saved in different manners based on your needs.
How To Store Your Seed Phrase
When you are generating your seed phrase, read each word on the device itself, write it down on the first sheet of paper, and do that until you go through all 12 or 24 words. Once you get through the first round, your hardware wallet will ask you to verify it. Read the first word on the device, make sure it matches what you wrote down on your first piece of paper, then write it down on the second piece of paper. If you write it down on both at the same time, you may create two mistakes or catch one mistake but leave the second.
Now that you have a piece of paper that could store $100 or your life savings, how do you protect it? You want to think in an adversarial way where you leave no single point of failure. The first thing I recommend people do is have one of those back ups written in pen and the other one in pencil. Let’s say you leave it stored away somewhere for a few years and need to come back to it, ink bleeds and pencil could fade. Use both to create some redundancy.
The next thing you may want to consider is to laminate it to prevent water damage. Accidents happen. It could be a burst pipe, a leak in the ceiling, or even a spilled cup of coffee. Laminating your seed phrase prevents all of those things. However, the acidity of the laminate could cause the ink to dissolve over time. This is again why I would recommend one laminated one in ink and another non laminated one in pencil.
You may already know where this is going: fire damage. Laminating a seed phrase and having a paper back up may prevent one seed from being destroyed, but a fire would destroy both, You may want to consider metal backups. There are a lot of metal seed plates you can use and Jameson Lopp has done thorough testing of a variety of brands that are on the market. Some people will replace their paper ones with a metal one or you can have all three copies in the same place to create redundancy. This is great for your seed storage but not as applicable for the rest of the things you need to backup.
Another common method of storing seed phrases is on a USB. I generally don’t like this idea because you seed should be offline but there are some niche cases where this may be useful. There are some things you should consider though starting with USB bitrot. USBs, like paper, break down over time but the difference is that paper has lasted millenia. You also have the changes in standards such as us moving from USB A to USB C or the software you write your seed phrase in. If you write it in Microsoft Word 2021 and need to get to your seed in 10 years, will you be able to open it? Probably but you’ll always be able to read paper or metal.
One niche case where it is useful is where you need to store it with someone else or in a less secure place such as your office. Anyone can see a piece of paper with some words on it but not everyone can get passed USB encryption. If you are going to put it on a USB, I would highly a password so someone doesn’t borrow your USB, wipe it for their needs, and then give it back to you. Another consideration you may or may not want to have is a USB with an encryption failsafe. Some encrypted USBs will wipe itself after 10 or so failed password entries. That may sound like a good idea but as the Ripple CTO has found out, you could lock yourself out of $220 million of Bitcoin.
You can absolutely store the other bits of information on a USB though such as the derivation paths, device fingerprints, and maybe even the xpubs. The xpub shows all of your addresses, past, present, and future so could be a privacy issue if there are funds on a single device. In a multisig set up, you cannot determine the addresses used off of one xpub.
If you are going to leave your seed in a location that is not entirely private, you may want to consider buying some tamper evident bags. These are plastic bags often used by cash businesses or banks to ensure that no one has tampered with the contents of the bag. You can place your paper, laminated, or metal seed in a tamper evident bag so if you come into your office and see the bag as opened, you know the seed has been compromised.
Another form of tamper evident products is a seal. Let’s say you laminate your seed and want to hide it in a book on your shelf. You can fold the seed in half and place a tamper evident seal across the two ends of it ensure that it stays closed. This way if someone finds your seed, you know that it has been viewed or not.
If you want to gain the benefits of tamper evident bags or seals but on a budget, you can do so with household products. Get some nail polish or paint and throw some across the envelope so it looks like abstract art. Once it dries, place your laminated seed in the painted envelope and lick it shut. Before storing it, take a picture. The point of this exercise is that the randomness of droplets is near impossible to replicate. This added entropy is a way to ensure that no one opened your envelope, saw your seed, then tried to create the same splatter marks. I recommend using the laminated seed with this because the liquid you use may be corrosive when it is dry.
Something you may want to consider is buying a fireproof bag. If you don’t want to spend money on a one off solution such as metal back up plates for your seed phrase, a fireproof bag is a more universal way to invest in a similar level of protection. You can buy a variety of fireproof bags that will last to variable degrees of heat and durations of fires to protect your paper and laminated seed as well as any other important documents such as your social security card, pink slip to your car, etc. If you go that route, check the water resistance levels of the bag. If your home catches on fire, it will most likely be doused with water as someone tries to put it out.
If you live in an environment with multiple people, you want to consider a fireproof safe. Bags are a great start but it can be opened by anyone. Safes come in a variety of sizes so it can be something small that fits under your bed or something larger that fits in your closet. Again, check the water resistant rating on the safe. You may even want to combine the two and keep the fireproof bag inside the safe for further redundancies.
If you go the safe route, you will see older combination lock safes to more modern versions that have fingerprint sensors. Your threat levels will vary but there are three pillars of security: things you know, things you have, and things you are. Remembering a combination lock may be easy for some but others remember fighting with their locker in school. You could use a key but that means you need to protect that key. A fingerprint sensor sounds great but if your threat model includes someone breaking in and kidnapping you, it is very easy to place your hand on a safe to unlock it. Conversely it may also take them the safe 5 minutes to reach into your pocket, find your car keys with a safe key attached to it, and unlock the safe that way.
Accidents happen in the most unpredictable ways sometime. This may be over the top for most people but you may want to look into a faraday bag to store your devices. A faraday bag ensures that signals are not getting in or out of the bag to protect the contents. This could protect you from something as minor as a solar flare or a nation state attack from an EMP or surveillance. This is an edge case for most individuals but a necessity for exchanges like Coinbase.
With all of these things in mind, do what is best for you. You don’t need to do all of this at once, you can add to your security set up over time or as your threat model changes. Conversely, since you have multiple backups to protect, you can start with the most vulnerable one and then add protection to the other backups later.
Again, do what is right for you but the copies of your seed phrases for a multisig wallet should ideally be dispersed across multiple locations. Your ability to do this safely will vary as does the complexity if you did a 2 of 3 or 3 of 5 or other multisig set up.
Your home: This is the obvious place to keep at least one seed phrase back up. You may live alone and feel comfortable leaving it in a bad hiding spot such as inside of a book or you may have made multiple copies, placed that inside a fireproof bag, and locked it away in a fireproof safe. Some things to consider when having a seed phrase at home beyond the redundancies mentioned earlier starts with an unaware individual. This could be a spouse or a maid but to the average person, 24 random words scribbled on a piece of paper looks like trash. You may want to inform them about what it is or at a minimum, that is important to you without disclosing what it is.
Safety deposit box: This is a common one but not without its caveats. The one people forget about is that you need to renew that lease every year or they can destroy the contents of the box. If you forget to pay the bill, the bank branch will try and lease it out to someone else and may shred your seed or know what it is and try and use it. It is hard for an evil bank manager to use the deed to your home in a malicious manner because you are living there. It is very easy to anonymously move your coins with a standard hardware wallet set up. This is again, one of the niche cases where a USB backup in a fireproof bag may be better than the paper and metal seed backup. An under thought about threat about consideration is time or the availability to access your back up. Banks are only open Monday through Saturday, normal business hours, and closed on holidays. Another issue emerged during COVID as businesses were shut down and people were locked out of being able to reach their safety deposit boxes for days on end.
Work: This is often times a cross between the considerations you need to make while protecting your seed at home as well as in a safety deposit box. Some people have a private office while others are in a communal area. Some people have 24/7 access to their job while others are more restricted. Having a seed backup at work is a good consideration but depending on your work environment, the way you implement that will need to vary.
With a relative: The obvious threat model here is that you really need to trust them. Your level of trust also can impact what and how you store it. If it is a single hardware wallet, maybe you want to go with the USB route or ensure the seed wallet itself is blank but all of your coins are stored on the passphrase portion of the wallet. If it is a multisig wallet, you can give them the paper, laminated, and metal seed in a fireproof bag as it is only one signer. The consideration you then have to make is if your relative is able and willing to conspire against you with someone in your home or has access to your home if it was a 2 or 3 multisig. This is less of a problem if you do a higher threshold such as a 3 of 5.
With multiple relatives using Shamir Secret Sharing: This is currently only supported on the Trezor Model T but you could give 1 key for your adult kids or other relatives split up into multiple shares. If you are not familiar with Shamir Secret Sharing, it is a way to cryptographically split up information just like a multisig wallet where you need to combine the shares in order to recreate the information. You could take generate the Trezor seed as a Shamir backup, and use that 1 signer that you never need in a multisig scattered across multiple relatives’ homes. The majority of your children or other relatives would have access to one seed as opposed to three seeds and still all need to conspire against you.
Lawyer: Let’s be honest, this may sound like fancy rich people solutions but you could list this as part of your will which doesn’t cost much. You could give them the last seed phrase or only the password to the seed phrase. If you draw up a will or a trust, assume that seed phrase will be digitized and stored in some database that could be hacked eventually. That seed should have no value on it and act as a single signer. Or you can only give them the passphrase to your hardware wallet and take care of securing the seed yourself.
The cloud: I want to stress how bad of an idea this is for a single hardware wallet. Do NOT ever backup your seed digitally and store it on the cloud. However, if you really don’t have extra ways to secure seed phrases and you are using a multisig, you could store a seed phrase with $0 in value in the cloud as a last resort. Again, this is a terrible idea if it has any money on it and is useful for anything other than a single signer in a multisig set up.
Advanced Locations: There are five ways you could store your seed phrase for your hardware wallet, a 2 or 3, or even a 3 or 5 multisig depending upon what is best for you. Ideally your seeds should be in multiple locations, but that doesn’t just mean physical space. If you can, think about getting your seeds in multiple cities, states, or countries. Your home and work may be in the same city but is almost definitely in the same state. If you work remotely then it is literally the same location. So if you are going to give one of your seeds to a relative and you have multiple trustworthy relatives, you may want to choose one that is out of state or the country should there be massive wildfires as seen in California or winter storms that are common along the east coast. The next time you go on vacation, you may want to consider making a few phone calls and try and spend 1 hour opening a safety deposit box in that city. Depending upon the travel time, assume that will be on the seeds you will not have to use in your multisig often.
DIY vs Collaborative Custody
If for someone reason you don’t think you can do it yourself or if you don’t have a place to store one of the seed phrase backups you can try something called collaborative custody. There are services such as Casa and Unchained Capital that allow you to set up a multisig but they hold 1 of the 3 or 5 keys. For example, you can set up a Trezor and a Coldcard for a 2 of 3 multisig and if you lose one of your signers or you can’t get to the safety deposit box that is another state, you can ask them to sign with the 3rd key that they hold. The biggest trade off is privacy as they would know your balance which is also why Casa lets you sign up with a pseudonym. Casa also lets you use your phone as one of the signers so you only need to order one hardware wallet instead of two.
Collaborative Custody Paranoid
If you are going to do a collaborative custody model and you are paranoid about security, buy your hardware wallets directly from the manufacturer themselves. I can’t imagine this happening from any reputable company BUT let’s say Collaborative Custody Corp. sends you the two hardware wallets directly and you set them up yourself with all of the above steps. You plug in your Trezor, verify the receive address, and the xpub confirms that it is 1 of the 3 signers in a 2 of 3 multisig. You plug in a Coldcard, verify the receive address, and the xpub confirms that it is 1 of the 3 signers in a 2 of 3 multisig. You then send your Bitcoin to the multisig address and feel great that you just secured your coins except that you may have sent it to an attacker at Collaborative Custody Corp.
Why? You assumed that the Trezor and Coldcard are 2 of 3 but all you proved is that the Trezor is 1 of 3 and the Coldcard is 1 of 3. An attacker at Collaborative Custody Corp. could have sent you those hardware wallets but has four devices themselves. 1 is your Trezor with 2 of the attackers. 1 is your Coldcard with the other 2 being the attackers. By buying your own devices, you prevent a single point of failure of Collaborative Custody Corp. being the retailer. You also need to take the extra time to make sure you verify the receive addresses together to ensure that it is indeed 2 of 3 rather than 1 of 3 and 1 of another 3.
I recommend Casa all the time. For $10 a month, you can get a 2 of 3 multisig which is a very affordable option especially since you can stack within the app. Personally, I think Casa is a highly underrated service for nubes and often point people there instead of Coinbase or Gemini. That being said, the 2 of 3 multisig is really a 1.5 of 3 multisig without one extra step.
Casa Gold by default uses your phone as a signer, asks you to use a hardware wallet, and then Casa holds the 3rd key. The key that is derived from your phone is a key they generated for you, encrypted on your device, and then backed up to your cloud storage provider (iCloud or Google Drive). While I trust Casa to not do anything nefarious, the best thing you can do is replace that phone key with a second hardware wallet. This removes any uncertainty around the key generation process or the decryption process should Casa go bankrupt.
This is mostly for the Casa Gold users out there but applies to all Casa plans. If you have a 3 of 5 Casa plan, you lose one backup, and then Casa goes away you are left with a 2 out 5 and unable to spend your coins. Again, I love Casa, I don’t want to FUD the service, but I know that FUD is out there and wanted to touch on that as a work around for anyone considering Gold. Casa has a guide on how to handle things if Casa goes away including exporting that single key.
Collaborative Custody Privacy
The benefit of having a multisig set up is that you can lose a device or the seed backup and everything will be alright. The downside is that you need all of the xpubs in order to spend any coins with your quorum. That being said, if you use a collaborative custody service and your other hardware wallets have funds on them, the service will know about all of those funds. Normally, a node would protect against a third party knowing your xpub but that doesn’t work for multisig. If you are going to use one of your hardware wallets for funds in addition to your multisig set up, you might want to use a passphrase for that device so the exposed xpup is different from the xpup with the passphrase.
The next thing you may want to consider when leveling up seed phrase security is adding a passphrase. If you are only using a single hardware wallet, I would highly recommend it to most people. If you are generating a multisig from a single vendor, you may want to consider it. If you are generating a multisig from a variety of vendors, it is probably not needed.
What kind of password or passphrase should I use? There are two kinds of passwords and two kids of passphrases and each is more secure than the next but you also need to remember.
The standard password: This is a standard password that we are all accustomed to using. It can be something as terrible as password123 or your anniversary 03172007.
The standard passphrase: This is a bit more secure as it is generally longer in nature than most passwords, has increased levels of entropy (another word for randomness),and is something you can easily remember such as MomLikesYellowDaiseys.
The BIP39 passphrase: This is a more secure variant of the standard passphrase. Instead of several words making a phrase that you can remember, this chooses from BIP39 wordlist that was used to generate your seed phrase. The benefit to this is that it has much higher entropy than MomLikesYellowDaiseys which is a sentence that makes sense to AbandonBaconCameraDash which does not. The benefit is this increased entropy will be harder to crack but if you do forget it, you have a defined list of 2048 words you would then have to brute force as opposed to the entire english language.
The alpha numeric password: This is the kind of password that we should all be using but most of us rarely do. Something such as doskGRC2aL$$YqbGRjr!UN@MXRAqbCXPvNEsqG3ENE8I0MFrD0 which has a high degree of entropy but there is almost no way that a human brain will remember that.
Let’s go back to who should use a passphrase and why. As you can see by the picture on the right, no computer on the planet can brute force a 12 word seed let alone a 24 word seed so I want to put to bed the idea that everyone needs to add a passphrase to your device.
A password or passphrase may help you if you get tricked into downloading a malicious application. When you set up a new device or recover an old one, you should only type your seed directly into the device itself and not into any applications. Ever. This is a common attack vector for nubies as they download a fake Ledger Live desktop application that looks like the real one and they enter their seed because of an “issue” and their funds get stolen. However, this can happen to the most seasoned people as one podcast host learned after 7 years in the space.
The same rationale as the phishing software, may also work if you are kidnapped or held at gunpoint. You can let the attacker find your seed or unlock the wallet and find some of your coins but the passphrase hides most of it.
If you are using a Trezor or another device without a secure element and believe someone may get a hold of the device and target you, you should use a password or passphrase. Kraken Labs and others have published attack vectors on Trezor devices because it doesn’t use a secure element, a chip that encrypts sensitive data. The report shows how to extract the seed phrase in 15 minutes for a less than a few hundred dollars. Sounds terrible but realistically this is an edge case that requires physical access to the device and a lot of technological know how where Trezor (and myself) don’t think it is that big of a problem to be concerned over and published a response to the attack. However if you are a high ranking person and would be a potential target, you may feel otherwise which is why I say most people shouldn’t be concerned.
Ledger has a similar issue despite having a secure element because you cannot trust the randomness of the seed generation on a closed source device. Again, there is no real concern for most people but these vulnerabilities are real.
So if you are storing life changing amounts of money, holding funds on behalf of other people, or in a rare class of people who may be targeted for something then you may want to consider a passphrase. These are all edge case scenarios but a password/phrase will add an extra layer of protection from all sorts of risks.
Cloud storage and password managers
Do not store your seed in the cloud. Do not store your seed on anything digital or has a connection to the internet. If you are not going to listen to that bit of advice, fine, but do not store your password/phrase in the same location.
Password managers like 1Password are great and I highly recommend using one. However I know a lot of friends who use the 2FA code feature within 1Password or store every sensitive file in their password manager. Let’s say someone is able to get into your password manager and they find your seed phrase in there, enter it in, and it is blank. They would then look around for your password/phrase for your seed and they may find something and try it again. If not they could find your exchange account, use your email, password, 2FA, and drain the exchange funds. The entire point of the 2FA is the 2 part. If it is all in the same place, it is 1FA.
If you ensure your passwords, seed, and 2FA are all in separate locations, make sure nothing can happen to one of those accounts as Dustin Curtis recently discovered. You can store your seed offline, your passwords Apple Keychain, and your 2FA codes in 1Password but without one, your seed backups are useless if you chose a more complex password/phrase from the four options mentioned previously. It may be worthwhile using more than one solution for your passwords and 2FA codes just like you should make copies of your seed.
Some people use Google Chrome to save their passwords. Something is better than nothing. However if you go to www.passwords.google.com then you can see all of your saved passwords. Please make sure your Gmail password is a strong one and add 2FA to your Google account. The worst thing you can have happen is save your seed in Google Drive or Dropbox and your super complex password is stored in your Google account and someone is able to steal all of your coins despite having it in two different locations.