I run stock android with a DNS which allows me to block network connection for any and all services, I find this is the best way. You can block almost everything while still allowing functionality of things you need
Use a 2FA app that allows you to export encrypted backup (I use Aegis)
Make an encrypted backup of your 2FA keys and store that using the 321 rule.
The 321 rule is 3 copies, 2 different types of media, and 1 copy offsite.
If your 2FA backup is encrypted, you can even store it in Google Drive or wherever, ask a family member to keep a copy, it doesn't matter if the password is strong.
If you're extra scared of losing your keys then you can use something like Authy as a last resort, they make it super easy.
I work in cyber forensics and incident response, 2FA and strong passwords can prevent 99% of the shit I see.
Sorry dude, if keeping your 2fa codes safe is too much to ask then you really shouldn't be on the internet.
Using a password manager without 2fa is a recipe for disaster, you might as well just use the same password for all your accounts at that point, then you don't need the inconvenience of a password manager
No dude, if it's not Foss gtfo. Not touching some hidden code thanks