@me My setup is very similar. I use pass, PassFF and sync using git. For 2FA I use a YubiKey and https://developers.yubico.com/yubioath-desktop/, which unfortunately works only with YubiKeys.
About using 2 smartcards at once: GnuPG 2.3 says it has improved support (https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html), but yeah, unfortunately it's not the version provided by PureOS.
For the time being I decided to disable the use of the #OpenPGPcard inside my #Librem5 to force the use of my #LibremKey when gpg is needed on the phone.
Support for multiple smartcards is improved in gpg 2.3.x, I read, which is not available for my distribution yet.
This way pass works with the externally connected LibremKey/#Nitrokey as expected.
storing passwords and using a 2nd factor for authentication
Since I started using my #Librem5, the usage of my passwords and one-time passwords has changed: I'm also using the L5 in docked mode.
This makes it unusable as a 2nd factor for logging in to e.g. source.puri.sm or sourcehut, because the 2nd factor shouldn't live on the same device that I'm logging in from.
Another problem is that I have to sync my passwords.
I started using pass and migrated passwords from Firefox and Password Safe to it using an extension called pass-import that easily read the exported passwords into the new password store.
In Firefox I installed the add-on PassFF along with the component that needs to be installed in the underlying system.
I already like it more than the built-in Firefox password store.
Pass offers functionality to sync the gpg-encrypted content of the password store with a git repository to make the passwords available on different devices.
To use this I set up a #gitea on my #yunohost, and with some basic git knowledge it's easy to push and pull the passwords from a private repo.
The problem of my missing 2nd factor I could solve by using the #LibremKey (which is a special version of a #nitrokey) to generate the one-time passwords.
There's still some work to do to get that all from my notebook onto the Librem5, but I can already open my password store on the phone and sync it from and to my repo.
Todo:
Any comments, help (especially on using gpg with two readers and two smartcards available) and questions are welcome.