Sounds like a good system. Having something easy that you will actually use is the most important thing.
There is no one-size-fits-all solution and it should clearly depend on the threat model. I can imagine why someone who could be expected to have the keys to CloudFlare's infrastructure might want to take extra care.
I thought this might be the case, but it doesn't stop people from believing you may be a high value target. So the good security practices are very prudent.
