I own a handy asus x00p with android 8 that fits my hand (released in 2018). I have a newer android 11 device (released in 2020) but it’s larger and heavier and I don’t really like using it.
What are the security risks, if I go ahead using the 2018 model to 2fauthenticate?
You can use an OTP Generator like Aegis Authenticator from F-Droid. Afaik it even works offline, so there should be no risk if you strictly keep it offline.
Why would an OTP generator even need connection to anything?