The Apex has an NFC Share applet that emulates an NTAG. When you install the applet you can specify the storage size. You then use the Apex Manager Android App to store a website, vcard, etc. Other smartphones that scan the chip will treat it like an NTAG (e.g. read the vcard contact info and prompt the user to add a contact).
So if you want this functionality you don’t have to any of the NTAG chips like the NExT. Note that you cannot use the Apex NDEF applet to authenticate with systems that expect an NTAG.
The NExT has exactly two chips in it. One NTAG216 13.56MHz and one T5577 125kHz. The T5577 is programmable using a ProxMark Easy or Flipper Zero. It can only “hold” a single ID. Typically people will take an existing 125kHz fob or access card and clone it to the implant. The ID is registered with the access control system. If you have access to the ACS and the ability to enroll new cards, then you can use NExT with multiple systems. Put another way, the T5577 is a single blank key that you can cut (or recut). The only way to use it with multiple locks is if you can install the locks yourself.
The NTAG216 chip has both an ID and an area for user provided data. The ID cannot be changed. It is backed in during manufacturing. This means there is no way to clone an existing NTAG access card to the implant. Instead, you must enroll the NExT with the access control system. Most control systems only care about the ID and don’t read or interact with any of the user-writable data.
tl;dr – If you have access to the control systems then you can use the single NTAG ID and/or the single T5577 ID to unlock multiple systems. If you do not have the ability to enroll new IDs then you can only clone a single T5577 card or fob.
2FA has a kind of wide meaning. For traditional 2FA, you would want the Apex Flex. There are several applets you can install that function as 2FA devices. Essentially, between the HMAC-SHA1, OPT, and FIDO applets, you have an implantable YubiKey (well without USB – at least for now ).
The FIDO2 applet lets you use the implant directly as a 2FA device when logging into many services - Gmail, Apple, etc). It works on both mobile and desktop (Windows is best). The OTP applet works in conjunction with either the Apex Manager app (Android) or Yubikey Authenticator (Android and I think iPhone, but not positive). The keys are stored on the implant itself – the app is just used to display the codes. There is a limit to the number of OTP accounts you can enroll, and there are storage space considerations depending on how many applets you have installed. Note that the Yubikey GUI tool for Windows does not support reading OTP codes over NFC, but you can use the Yubico CLI tool if you need.
The HMAC-SHA1 applet can be used with a few services, but by far the best as a 2FA device for KeePassXC (Windows, Linux, Mac) and KeePass2Android (Android). KeePassXC is an open source password manager. If you store the password vault on a shared drive like Dropbox or Google Drive, you can have a great cross-platform way to store passwords. After installing a secret into the HMAC-SHA1 applet, you can then protect the encrypted vault with both a password and the Apex.
I’d recommend getting a Yubikey and seeing how you like using it. Then imagine having it on your wrist or hand.