Now that it's often allowed, I usually have an old phone stashed in my check-in bag. Is that common practice? Is there something simpler I'm not thinking of?
You don’t necessarily need a second phone. You may need a second phone number in your home country that you can get calls and SMS anywhere. VOIP services such as Google Voice, Hushed, Skype work, but test first because some banks etc. won’t accept VOIP numbers.
I have travelled full-time for over 12 years. I carry one phone, an iPad, have three email accounts, two US numbers (Google Voice and Hushed), a local number wherever I stay (e-SIM), a Yubikey and backup key. Have never needed a second phone.
I think of the 2nd phone as basically just a little portable computer with Bitwarden, and on which I could probably use some sort of messaging app or email while I replaced the first phone.
Yubikey is the popular answer so far. I have thought of that in the past, but never followed through on. Less versatile (can't run apps)? Certainly more portable.
Are the majority of people who don't like doing this stuff just not using 2FA, or just risking being locked out? All the people I know in this category are doing one of these options.
1. SSH into a fixed desktop that has a Yubikey plugged in so I can receive the TOTP codes for the idiot services that only allow registering 1 Yubikey
2. All phone-based 2FA go to a virtual number that forwards to a place that I can access remotely from any device
Yeah, not ideal, but not having access to my own shit in a foreign country is a bigger risk.
I also keep an old phone hidden deep in my luggage, not for a 2FA backup but just to have a phone to use in case my main phone is stolen or breaks.
Some 2FA I have run into lately will email or SMS a code (WTF?)
My watch has cellular and will show messages. Is this a backup?