I use Symantec's VIP Access phone app for my 2FA wherever I can. That includes my 2 brokerages (Schwab and Fidelity). It is similar to the Symantec security token mentioned above except it is a software (app) solution rather than a physical device. If I lose my phone entirely, I will have to jump through hoops to recover. Finger's crossed that does not happen.
As do I. To supplement Pirates post...
You can add this app to an IPad or even to a computer. The apps communicate via TCP/IP over wifi, not over the cell network. Thus a lost or hacked phone is irrelevant and you will still have a functioning 2FA process available (as long as you have internet access)
Because the 2FA authentication is a hash of both device and user information, the same Symantec VIP app installed on different devices will produce different codes. There can be only ONE!
Most folks use the phone as authentication device since it travels with them.
A less portable approach is to use a single older device for all your authentication service needs, and keep it near the computer you do the logins on. A small old iPad with VIP installed will do the trick.
Many brokerages have standardized on the VIP app, since Symantec has a long history here with dongles and more. I prefer Authy. Between the Authy and VIP, I have about 20 2FA accounts secured. All on IP, not cellular data.
Thus far, I am avoiding google/apple cloud integration services for cell 2FA, which automagically fill in codes for logins. I fear this concentrates power and control which would increase the value of the target, and thus the risks of hacking. I prefer the chinese wall between vip/authy and apple/google.
