Border search safe TOTP authenticator app?

Be very careful with your threat model here. If an agent attempts to use the codes and they don't work, and they find out there's a dual pin mechanism, you could end up in more trouble than with whatever they'd have seen in the first place.

You need to re-evaluate your threat model and change your approach. As others have said here, a TOTP that doesn't work would attract more attention that one that does or one that outright doesn't exist, all the way up to escalating the encounter from casual privacy-conscious user to alleged spy.

The best way is to legitimately not have anything on the phone or your online presence that would cause problems, and then just be transparent (honestly, they're not after your nudes or embarrassing texts). A lot of border checks are based on feelings and if you look the part they'll quickly flick through the phone for obvious stuff they're after and will let you go once they don't find it.

If you are actually doing something that would cause issues, then you keep this off the local device and onto a remote one. Use a YubiKey or other dual-use authenticator (that gives you plausible deniability for having it - you can use the same key on benign social media accounts, etc) to access it from a secure device once you're through.

FYI, you're asking about duress codes[1] - it may help your search to use that term.

[1] https://en.wikipedia.org/wiki/Duress_code

Just store the TOTPs you actually care about on a Yubikey. Leave a few “worthless” TOTP in whatever TOTP app you use. Remove the Yubico Authenticator app before crossing the border.

Memorize one TOTP key for a cloud offering; then store the rest in it. 1password, Lastpass, etc. It’s not that much longer than a Windows product key, and I still know one of those.

The secret key is just an RNG output so you could also take it in 4 byte chunks and memorize 16 PRNG inputs that generate each the 4 bytes.

Or you could memorize a passphrase, take a sha2 hash of it, and then memorize a single PRNG input that spits out the bitstring diff between the hash output and the TOTP key. That way you aren’t wholly dependent on memorizing numbers and you can still safely use a more predictable and weak ‘PRNG’ that can amplify the bitstring salt out of an input.

etc.

I carry critical sensitive data on an encrypted micro-SD card discreetly attached to my wrist watch band. I've never had anyone even discover it much less try to examine or access it.

A wrist watch doesn't attract much attention being a common fashion accessory that lacks sufficient volume needed to disguise any dangerous substance and isn't commonly known as a data store.

https://www.thingiverse.com/thing:6784665

Lying to US officials is 5 years in prison. Per instance. One assumes other countries have similar laws, but I doubt anyone knows what actually happens in courts outside the US.

This post came to mind: https://blog.singleton.io/posts/2022-10-17-otp-on-wrist/

I doubt anyone wants to search a f-91w.

Note: there are more comprehensive border-crossing security guides

https://freedom.press/digisec/guides/