
Just when you enable 2FA on some site and it shows you a QR code (or however it gives you the code; it might be a regular URL, and sometimes they even display the string in plain text), save that string. If it's a QR code, save the QR code and read it with a regular QR code reader (probably just your camera app these days) and it will have a string or a URL with the string as the query string.

That string is not just one-time use. You can just save it and enter it into TOTP apps all over the place all day for the next n years.

KeePass apps all support it now, for one example, so you could save the string in a notes field in KeePass, but they have a dedicated TOTP field now too. You paste it in, and now that password entry not only stores your name & password for that site, it stores the TOTP seed for setting up TOTP apps, and also displays the current TOTP time code just the same way a TOTP app like Google Authenticator does.

It's all stored in the KeePass db file just like the normal passwords, so to set up a new device, all you need is access to any copy of the KeePass db file. Install any KeePass app like KeePassXC on a laptop, load the db, and there are your working current TOTP codes for all sites. If you want a more convenient dedicated TOTP app than having to dive into KeePass, just copy the TOTP seed from KeePass into Gnome Authenticator or whatever. The different apps have different ways to supply the string when not taking a picture directly with the camera. Some, like Google, hide it from direct access. Last time I used Google Authenticator I think it had no usable export, but it just recently got the ability to store the seeds in Google's cloud, but not like in an ordinary Google Drive file that would be useful, just some internal magic: all it does is, if you can somehow manage to log in to your account on a new phone, it will pull the seeds down and start working on the new phone. It doesn't let you set up any other apps or devices, and Google has a copy of your seeds in a form they can read, even though you can't!

But the same seeds could be just as cloud-enabled by being inside a password manager db, which is still sitting on a Google cloud server, but this time in a file that you own, and in a form that Google can't read but you can.



I'm a bit late, but FWIW Google Authenticator has a QR code export option. It generates a giant QR code (potentially multiple) that contains all the accounts and secrets. It's designed for you to scan into Google Authenticator on another device, but you can also read the contents of that QR code yourself with various open source utilities to get the accounts and secrets (or just print a copy for a physical backup of them). Overall it's not a terrible way to go, though like you said, if you can save the original QR codes that's a nicer way to do it.


Thank you. This is mostly new to me and I am thankful for the hints.


That is very helpful. Thank you.



