Two-factor authentication terrifies me.

For my bank from my country of origin that I maintain, I get a battery-powered RSA token. From that I can generate a mobile 2FA token in an app that I can use to log in for day-to-day transaction. If I lose the devices with the 2FA token, I have to pray that that CR2032 is still alive or I lose access to that account until I spend thousands of dollars on international flights (replacing the battery resets the device)

2FA can be "backed up" by either using a 2FA soft token program that allows for backups, like 2faone or Authy, OR by the services themselves granting backup codes for emergencies. For my threat profile, I have no problem storing my 2FA backup passwords/codes in my master password safe. If that is compromised, I was doomed anyway.

If a service does not allow the use of "generic" TOTP ala Authy or Google Authenticator, AND it does not allow for one time use backup codes, then I do not use 2FA with that service unless required. My main bank forces the use of their own built in 2FA (Symantec VIP on the backend) which pisses me off. My work uses Okta and RSA. Oh well.

python-vipaccess might interest you. I used it for both PayPal and eBay at one point. https://github.com/dlenski/python-vipaccess