The title is quite linkbaity. I mostly agree with the main premise, which is "If you're passing your first factor via the same device that has your 2nd factor's secret key, you only have 1 factor", but that doesn't mean we should "beware" TOTP.