by dheera 2089 days ago
Yes, I meant Yubikey's TOTP with PayPal where the secret is in the hardware.

They should ideally support >1 TOTP authenticator if they don't intend to support U2F.

I don't want SMS as a backup option; I have deprecated SMS, it's old tech and needs to die along with telegrams.

1 comments

I’m pretty sure every site I’ve set up to do TOTP only allowed one authenticator. I got burned using Google Authenticator when I had to replace my phone, because there was no way to transfer the auth data to a new phone.

Maybe the Google app has changed now, I have no idea. I’ve had much better luck storing TOTP in 1Password and Bitwarden - which allow you to sync across multiple platforms. So now device upgrades are a non-issue.

Most sites give you some static backup codes for TOTP - definitely store those somewhere safe, they can be a lifesaver.