toastal

I have 24 keys in andOTP. I have the backed up with password-store and the OTP plugin. I also have my most frequently used ones on profiles in my hardware OnlyKey which can support FIDO2, TOTP, Yubikey's special format, text passwords and more. I have 2 of these keys, the other in a fire safe. I'm not really concerned with losing a single device because of redundancy.

The things I hate about the 2FA process:

1) requiring a phone number, especially only having SMS for 2FA like my foreign bank (I've reported the issue with SIM swapping with them on support and in person, but considering their system still isn't UTF using a very old encoding so I can't even type a comma in a message without errors, I'm not holding my breath)

2) not offering WebAuthn, especially as a big firm

3) Supporting specifically Yubikey and not FIDO2/WebAuthn

4) using some bullshit closed-source wrapper around TOTP like Symantec VIP that doesn't have a Linux client and requires me to use some random Python script to get spoof a Mac system to get a code (thanks Schwab)

synthos
Is this the Symantec script you're referring to? https://github.com/dlenski/python-vipaccess Once you follow those steps you can generate codes from any TOTP system (Yubi, Android, etc).