As stated by keepassxc: yes to in the same database results in a single point of failure but the easy and good solution is to store them in a separate database. Definitely more secure that stuff like some authenticator app on the same phone where the otps are used