What advice does anyone have to offer?

It comes down to decreasing the attack surface - so best use a device with a small online presence to store your passwords. I wonder if a sandboxed 'secure' phone (i.e. Samsung Knox) or an offline virtual machine might help? Unfortunately I know little about how / how well that should work. Maybe somebody here can explain.

