So, when my nontechnical friends ask me what they should be using for 2FA, I'm kind of at a loss what to tell them. It's either a false sense of security (e.g., SMS), or too complicated for them (Yubikey).

There's got to be a better system.

Authenticator Apps?

The difficulty there is evaluating which ones are reliable, secure, and easy to use. I'd welcome recommendations.

I personally use andOTP [0] which I'm a fan of. I've been thinking of switching to aegis [1] for nothing more than a UI change.

[0]https://github.com/andOTP/andOTP

[1]https://github.com/beemdevelopment/Aegis