2-factor auth
- Posts: 21
- https://pl.pinterest.com/kuchnie_na_wymiar_warszawa/
- Joined: Sat Jan 25, 2025 12:34 pm
2-factor auth
I think the last thing that's holding me back from switching to a dumb phone is 2fa. What are some good alternatives to smartphone apps for TOTP, and what's it like using them in the real world?
- Crazyroostereye
- Posts: 47
- Joined: Thu Nov 21, 2024 9:54 am
- Location: Bavaria, Germany
- Contact:
Re: 2-factor auth
There do exist TOTP clients for the Desktop, and in Password Managers like KeePass and Bitwarden.
While I do have a Smartphone I actually rarely use it for 2FA; I primarily use the Passkey/TOTP integration in Bitwarden (I trust it as I do self-host it in my own Network, so no Internet access without VPN).
Another option is FIDO keys, which are USB devices that store and act as Passkeys and sometimes also offer TOTP.
Example: Yubico's YubiKeys
They are a bit Pricey but are good and secure devices usually.
Re: 2-factor auth
I do use KeePassXC so I am tempted to use that. As they state in their docs, though, putting TOTP keys in the same database as the passwords defeats the security of 2fa. I am considering making a second database just for them, but that will be a bit annoying (of course the TOTP database would need a different password to remember).
- Crazyroostereye
- Posts: 47
- Joined: Thu Nov 21, 2024 9:54 am
- Location: Bavaria, Germany
- Contact:
Re: 2-factor auth
zonk wrote: Wed Jan 29, 2025 8:25 pm As they state in their docs, though, putting TOTP keys in the same database as the passwords defeats the security of 2fa.
Not entirely. Yes, in the case somebody gets access to your KeePass it will mean that 2FA is useless, but when that happens they most likely have access to your Computer (or you lost the KeePass file; never upload your KeePass file, keep it local).
But the more likely attack your account will witness is a Brute Force or leaked Password, where the 2FA will work having it in your KeePass. It depends on the Risk you are willing to take.
But when this Risk is still too high, which I fully understand, I would recommend A FIDO Key with TOTP functionality.
As the FIDO Key acts as a Hardware Passkey, you can make use of Passwordless, and if that doesn't work for the Service you can use the TOTP feature.
Re: 2-factor auth
As it's advisable to keep password database and 2FA tokens separate, I'd go with an app dedicated to 2FA. For GNU/Linux, GNOME has an app called Authenticator.
- drmollytov
- Posts: 4
- Joined: Sun Feb 02, 2025 9:08 pm
- Contact:
Re: 2-factor auth
A weird fun fact I discovered at work: Microsoft Authenticator will still allow me to log into my work account, even if the phone contains no SIM card, as long as the phone has access to wi-fi.
I have a Galaxy S8 that got softlocked (long story, kinda my fault), so I deleted everything off it except Authenticator. It now lives in a locked drawer in my work desk, and I take it out every two weeks when my computer insists I prove that I am still the librarian. This frees me up to switch to a dumb phone as soon as my current "daily driver" dies.
- CitricScion
- Posts: 42
- Joined: Wed Oct 16, 2024 5:37 pm
Re: 2-factor auth
That's actually a great use case for old phones you may have lying around. Just keep them in a drawer for the few things you need a phone for, but don't daily drive with them. If you do that, you can keep all of the flexibility of the app ecosystem of mobile devices including good 2FA apps.