With the predominance of Deep Packet Inspection (DPI) on networks, I wonder if the NSA has been using DPI all along to intercept our data traffic at the 8 primary internet hubs? Does a VPN even matter considering that the major Internet Service Providers (ISPs) route all of our traffic? My guess is that the NSA sends all traffic for inspection prior to sending it on to the VPN and other providers.
I looked around for a dedicated hardware device that displays One-Time-PINs (OTPs). I wanted a device that did not interact with a phone, something that could not communicate outbound or receive information. I purchased the Token2 molto 1 (https://www.token2.com/shop/product/token2-molto-1-i-multi-profile-totp-hardware-token) on Amazon. It is super slim and relatively inexpensive. However, you have to program it with a cell phone app and a cell phone that uses NFC. None of my phones have or use NFC.
I then ordered the Token 1 Molto 2. You program the device with a USB-mini and a program from the Token website. The software is easy to use and the tokens transfer is quick. This device holds up to 50 different OTP. You can program in the OTP application name and choose to display various elements such as the QR code or name.
DeepNet security also has a few devices (https://deepnetsecurity.com/authenticators/one-time-password/safeid/), but I really like the Molto 2.