There’s a balance between convenience and security and IMO storing both on 1Password is fine. An attacker getting into your 1PW account would require them having:
- your username
- and your password (which should be unique to only 1PW)
- and your secret key
- or physical device access with your 1PW password or biometric auth credentials

in which case an attacker really wants your stuff, has your device, and you have bigger issues.
I feel like this is similar to saying “is your front door lock strong enough?” when a thief is at your door and really wants to get inside, regardless of level of effort required.