I’m using GPodder with AntennaPod on my smartphone and Kasts on my PC. Works good if you don’t switch between smartphone and PC very often (it syncs every x minutes with the server, so it can get out of sync if you start using your other device and sync hadn’t happened yet)

You could use third party clients with 2FA enabled in the past (at least I could). I think I used my normal password for the clients, so no real 2FA on that side, but that’s no different from the new app specific passwords. IMAP doesn’t allow 2FA so every mail provider allowing third party clients essentially has a weak point with no 2FA there.