Do not add a phone as 2FA, as this is vulnerable to something called SIM jacking or SIM swapping.

A physical security key is great, but they are also expensive and don’t work in all types of situations; some keys don’t work with phones unless you use NFC, and stuff like that. They are great in addition to authentication apps, though.

For app authentication, you want to use Authy. There is a huge “however”, though; after setting it up on all your devices, you must go to the Authy app’s settings and turn off its multi-device feature until the day you want to add another device. Otherwise, you expose yourself to the same phone-based exploits you’re trying to guard yourself against in the first place.