Banking websites will tell you that you need 2FA. Of course you need to use not just any 2FA, you need to use their app, and of course you don't need a 2FA if you use the app directly for banking. My company's equity app does not even want to run on LineageOS. At the moment it looks like a 2nd phone will be necessary at some point.
The revised Payment Services Directive (PSD2) in the EU describes standards of strong authentication, and for the end user it means that mostly the bank's mobile app is being used as 2FA for logins and operations within the account.
I'm not sure if physical tokens are being used anywhere, but if they are, that's rather rare nowadays. It may be an option reserved in bigger banks or for business customers - I can see one of the banks in my country offers it on request and not by default.
Edit: it seems it's a feature for business indeed and banks opted for the Cronto system - https://www.onespan.com/products/transaction-signing/cronto
For now, my banking app actually runs on GrapheneOS. My digital identity app that it requires to log in does not, but luckily my government also offers an NFC chip that I can just scan instead.
Two phones is such an unsatisfactory solution because it will be too impractical, too expensive, or both, for the vast majority of people.
Is there anything preventing use of something like Keepass vaults as your 2FA solution?
Yes, the fact that these 2FA systems aren't based on the time-based one-time passwords you're probably thinking of. It's a push notification that you need to open and approve in the official app.
The 2FA is not TOTP, it's push notifications to the bank's proprietary app.