Until you switch devices and then you lose access to your account or spend a morning wading through Authenticator transfer hell for each account. I learned that lesson the last time I switched phones, and now everything lives in my password manager + SMS 2FA.
There’s a middle ground with an out-of-band shared decrypt. Authy has the most user-friendly TOTP sync that lives on device, but there are other, more open source ways to have your cake and eat it too in this regard.
- Use a 2FA app with sync like Authy (even Google Authenticator has basic backup/export support nowadays, but it's still far too easy to lose your codes with it)
- Use a password manager with 2FA support like KeePassXC/1Password/Bitwarden
- Use a YubiKey (ideally have two in case you lose it)
The built-in iOS keychain will let you save your MFA tokens as well, and this can sync between devices. Or, you can use Raivo, and back up the tokens either manually or in iCloud.
Meanwhile Amazon still sends me an email and a text message every time I log in to a new device on an account with TOTP 2FA enabled. At least those don't require any action from me, but it's still annoying.