
This is why I only use TOTP; my company IT was even baffled when I chose TOTP instead of the MS Authenticator app.

I don't use Authy or any of them that back up to the cloud either, since that defeats the whole point. Every time I add a new TOTP, I add it to an old OnePlus phone as a backup, and that is at home 24/7 in case I lose my main phone.

After having someone try and hijack my NPM account, and actively pursue me for a bit, I realized all other forms of 2FA are a joke. They will impersonate you to your carrier, they will try to get you to send them the code to hijack your SIM... It's basically a matter of time before any large-scale organization has one employee who drops the ball.


