by eschatology 715 days ago
Yes — because 2FA is commonly stored on a separate device (phone), people are very quick to conclude that it is pointless otherwise without thinking further.

Even if it is stored in your password manager, it is still useful. Consider the case where your network or website is compromised: the password is compromised and can be reused, but the TOTP 2FA that is in your password manager still prevents login by anyone who obtained your password. There are many attack scenarios, but storing 2FA and enabling autocomplete definitely does not make it useless.


Also I'm sick and tired of every business thinking that a phone has to be the second factor.

A laptop, or even better, a large, immobile desktop PC, is a much better second factor than a phone, and there is no reason why a user should be forced to go find their phone when they have console access to a much larger device.

Putting a Yubikey semi-permanently on every device and having you do a one-time registration of each device (initially using another already-registered device) should be the default way of implementing 2FA.

But what if it is an app on the phone that is asking for that 2FA, which then receives that 2FA via text?