Two additional tips:
1. Prefer FIDO U2F over OATH-TOTP since TOTP relies on shared secrets while U2F relies on asymmetric keys. The newest standard WebAuthn is also supported by the latest YubiKey series.
2. You can also use YubiKeys/Nitrokeys for generating OATH-TOTP. This is more secure than storing TOTP secrets on your phone. Some tokens come with NFC for mobile use.