After some search these are my most used services (with number of visits):
7191|gitlab.uni-ulm.de
7409|github.com
8307|www.youtube.com
10696|duckduckgo.com
11337|www.wanikani.com

1. Wanikani is a Japanese learning app and does not support any kind of multi-factor-authentication. You can log in with your email address and also reset your password using your email address. They only removed username login in 2023: https://community.wanikani.com/t/updating-wanikani-password-recovery-options/61437.

2. DuckDuckGo does not even have a login, so no need for authentication. I guess in a way, the most secure account is the account that doesn't exist. However, since it felt like cheating: I also use Proton a lot, and they have a lot of options for login. Speaking from personal experience here are the ones I know:
- TOTP: Active for my account as well (they even have their own Authenticator app)
- Security keys: Also available for two-factor authentication
- In case of Proton Pass: You can set a second password that unlocks the password manager to make sure someone doesn't get access when they get your main password (just additional security).
- For recovery, you can also set emergency contacts and stuff (so people could get access to your account even if you died), they have a pretty comprehensive system in total and I think they're really doing a good job with authentication

3. YouTube: Well, here it gets a little complicated, but it's basically the same as for any Google account and because it's a big platform there are so many security options that you can't even count them all.
- TOTP
- Pass keys
- Email 2FA
- Google's own autentication system that works with any Android device (the one where a code is sent to your phone instead of by email)
- Security codes: Offline credentials similar to TOTP that can be viewed in the Google app on a phone when logged in (as a compliment to Google's own code sending)
- You can also chain any of those together to make your account more secure

4. GitHub: Also really solid here: TOTP, Security keys, GitHub Mobile and SMS/Text (marked as insecure) messages are supported. However, no multi-factor authentication, you can only configure a second factor.

5. University GitLab: Also a lot available: Login usually works through the University's account system, but you can additionally add TOTP and WebAuthn devices (so passkeys).
