All my drives are encrypted and have an encrypted backup of 2FA, a whole bunch of drives and my phone would all have to fail at the same time. This is following 3-2-1 so not all are in the same place or running at the same time
I use veracrypt to make encrypted portable files that contain 2FA and I back them up to random cloud storage using simplelogin email accounts, no 2FA on these for this exact reason. I know my password manager passphrase but I also do the same thing with it as the 2FA file just on a different account.
If any of the accounts gets hijacked then all they have is a throwaway email and password for that account and a random tiny encrypted file.
My codes aren’t labeled with the email that they are for, just the service, e.g Proton1, and the passphrase has no other information stored with it so even if they magically managed to decrypt either of the files and gain access to the codes/ passphrase they don’t have any idea what accounts any of them are for.
Log in to a cloud storage -> download the file -> decrypt it -> add it to any compatible app -> login to the password manager