I own a handy asus x00p with android 8 that fits my hand (released in 2018). I have a newer android 11 device (released in 2020) but it’s larger and heavier and I don’t really like using it.
What are the security risks, if I go ahead using the 2018 model to 2fauthenticate?
If it’s not receiving security patches then it’s not a good candidate to use for 2factor. Risks are low but anything without security patches becomes a minor speed bump to bypass as published exploits will likely exist that are trivial to implement.