Not the GP, but I also use YK as a primary auth mechanism and TOTO as fallback.
Since I only use TOTP as fallback, I am much more vigilant if I suddenly get a TOTP prompt. I should never get one, only in circumstances where I explicitly want one. Every other instance is a big red flag. Is that perfect? No. Is it better than TOTP: yes.
Since I only use TOTP as fallback, I am much more vigilant if I suddenly get a TOTP prompt. I should never get one, only in circumstances where I explicitly want one. Every other instance is a big red flag. Is that perfect? No. Is it better than TOTP: yes.