A password manager is pretty standard for holding Nostr keys. It basically has built in 2FA: something you have (the password database) and something you know (the password to unlock it). There are people working to make this more usable/safer in the future. ManiMe is exploring using seed words to generate multiple linked private keys so each client/device you use could get its own key. There's Amber, which holds your private key in one app and then other nostr clients can request that Amber signs each post (so the nostr clients never see the key, only Amber does). That doesn't address backups, but it helps lower the risk of a key being compromised. github.com/greenart7c3/Amber Other people are working on multi-sig solutions so two apps would need to be involved in signing each post. There's quite a bit going on in this area.