If you can access your #totp from the same device as you are logging in from, it is not two-factor authentication. No, not even from a password vault.
Similarly if you can access SMS from your computer, an OTP sent to it is also not two-factor.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!