Inversely, though, many apps like $authenticatorApp are tied to the specific phone (possibly storing a necessary data in the phone's secret enclave), not the account. For example when I upgraded to the newest $smartphone, all of my accounts with only $OTPApp2FA were unable to 2FA. I had to request 2FA resets from my account rep and configure the accounts to work with the new phone.

I'm much happier doing this than risking having a phone number hijack due to a $cellCarrier employee maliciously or negligently transferring my phone number to a malicious user, but it's not easy for me to remember to do all of these security steps, let alone someone who doesn't work in the cybersecurity industry. There's no way in hell my parents could do this.

Google Authenticator got an update a couple of months ago to allow account tranfers to a new phone.

I was actually talking about the class of apps (Google Authenticator, Authy, Okta Verify, Yubico Authenticator), but good to know!

I don’t see any such option on the iPhone. Also it’s a problem if you lose your phone before you make any transfer.

The previous answer made me think a bit more seriously about those reset codes that are lying around (maybe?) my computer.

I’m a digital native and digital lives are still so hard even for me; no wonder regular people just nope out of it.

There's a 2 dollar app on iOS called Authenticator Plus that syncs to iCloud, that's my present solution.

How do you know that app can be trusted with your secrets? - is it OSS?

I don't. That's the rub with anything iPhone/iPad. Ultimately I'm at the mercy of Apple's app review process.

Duo is free and also syncs to iCloud

GA is still not linked to your Google account