kevin_thibedeau 4 days ago
This is why 2FA isn't all it's cracked up to be. Strong passwords kept in your head are less brittle than managing something you can lose. If you have a real support channel (like employer IT) to deal with loss, it's workable. Online services with no support are just asking for trouble.
TheDong 4 days ago
2FA can be all it's cracked up to be. A Yubikey you have to physically possess, and physically touch, to log in to a site is completely immune to this. Yes, you need to buy hardware; yes, you need 1 or more backup Yubikeys in a bank safe somewhere in case your primary one breaks, but it is actually safe. Strong passwords in your head are bad because they're even more phish-able. Like, with FIDO2, my Yubikey will not log in to "fake-coinbase.com"; the attacker cannot proxy the data they get from the Yubikey. For 2FA TOTP codes and for passwords, a phishing page can just proxy the stuff through to the real Coinbase and log in (as happened in this attack).
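As an added illustration of the origin binding described above (example code, not from the thread or any vendor), here is a minimal relying-party check of a FIDO2/WebAuthn assertion: the browser records the origin it is really on and the authenticator's signature covers that record, so a relay from a look-alike domain fails at the origin check, and patching the origin breaks the signature. The relying-party id, origin, and the HMAC standing in for the credential's key pair are assumptions; the relay cases are constructed.

```python
import base64, hashlib, hmac, json

RP_ID = "coinbase.com"                            # assumed relying-party id
EXPECTED_ORIGIN = "https://www.coinbase.com"      # assumed legitimate origin
CREDENTIAL_KEY = b"constructed-per-credential-key"  # HMAC stands in for the credential key pair

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin: str, rp_id: str, challenge: bytes) -> dict:
    """Constructed stand-in for browser + authenticator: the browser records the origin
    it is really on and only allows an rpId that is a registrable suffix of that host."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData = sha256(rpId) || flags (0x01 = user present) || signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    # The authenticator signs authenticatorData || sha256(clientDataJSON), binding the origin.
    sig = hmac.new(CREDENTIAL_KEY, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def verify_assertion(a: dict, challenge: bytes) -> tuple:
    """Relying-party checks in WebAuthn order; each failure names the reason."""
    cd = json.loads(a["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(challenge):
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin %r is not the relying party" % cd.get("origin")
    ad = a["authenticatorData"]
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash does not match our rpId"
    if not ad[32] & 0x01:
        return False, "user presence not asserted"
    expected = hmac.new(CREDENTIAL_KEY, ad + hashlib.sha256(a["clientDataJSON"]).digest(), "sha256").digest()
    if not hmac.compare_digest(expected, a["signature"]):
        return False, "signature does not cover this clientDataJSON/authenticatorData"
    return True, "ok"

def demo() -> dict:
    challenge = b"constructed-server-challenge"   # relayed unchanged to the victim in a proxy attack
    legit = make_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Victim on the phishing page: the browser writes the look-alike origin and rpId, not ours.
    phished = make_assertion("https://fake-coinbase.com", "fake-coinbase.com", challenge)
    # Relay patches origin and rpIdHash before forwarding; the signature no longer matches.
    forged = dict(phished,
                  clientDataJSON=phished["clientDataJSON"].replace(b"fake-coinbase.com", b"www.coinbase.com"),
                  authenticatorData=hashlib.sha256(RP_ID.encode()).digest() + phished["authenticatorData"][32:])
    return {"legit": verify_assertion(legit, challenge), "phished": verify_assertion(phished, challenge),
            "forged": verify_assertion(forged, challenge)}
```

A TOTP code or password carries no such origin record, which is why the same relay succeeds against them.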
commandersaki 3 days ago
Eh, just use a password manager; I use 1Password, it syncs to all my devices, I keep backups of everything (exported primarily in JSON), it autofills the 2FA codes, etc.