A quick update to -or continuation of- my previous post.
FIDO U2F and FIDO2
FIDO U2F is a hardware-based second factor authentication which requires you to plug in a USB key (or NFC on phone) to authenticate against a website. It works on all major desktop browsers and does not require any driver installation. The most current standard, but not 2FA is FIDO2. This one completely replaces password authentication with a hardware-based token. In practice, it’s similar to FIDO U2F but it’s not as widely supported yet. It is gaining popularity though and big services do already support it. I highly recommend it. It’s also the only phishing proof option currently available.
Commonly known as “Google Authenticator” and compatible. Very widely supported and easy to use. Use one of these, but NOT Authy.
Available as app or hardware token. Or app with hardware token. 😅
I don’t use it and I don’t trust it because Yubico OTP requires you and the service validating your request, to put full trust into the centralized Yubico cloud.
Just, no. See my previous post.
FIDO U2F and FIDO2 are the currently best options available, and the only ones that are currently phishing proof. You should always go for those where available. The alternative would be an offline Google Authenticator compatible app. Doing encrypted offline backups is OK. But never use SMS for authentication.
I have links to security keys I recommend, below: