[mcwhy]

you can add a security key (real or emulated one) then add TOTP and after remove the security key

[0x6c6f6c]

Yes, but why not just offer it in the first place? I had the same impression when I had to jump through those hoops

[unqueued]

Because it is easy to automate TOTP, and it is probably not effective at slowing down signup attempts.

[jqpabc123]

SMS is far superior from Google's perspective --- your phone number also reveals your identity.

Privacy invasion in the name of security. TOTP doesn't offer this and is clearly to be discouraged. Unless you accept the privacy invasion, they really don't want you to have an account.