
Yes. But the main insecurity isn't accidental pastes, it's being phished. The company the author of this article works for needs to switch to U2F.


If the only phishing protection you find meaningful for 2FA tokens is domain matching then any extension-based password manager like Bitwarden will work with far less hassle than needing a physical token or your phone.


Just hope your password manager's password doesn't get phished.

> or your phone.

Using your phone for 2FA doesn't provide any phishing protection that I know of.

What realistic attacks is a non-U2F Yubikey protecting against that TOTP (Google Authenticator) won't protect against?



