[joshribakoff]

Its called two step verification. Prevents someone from “guessing” the password but doesn’t stop someone who has physical access to the device with the password stored. Same as with e-mail or SMS codes, basically. I don’t think i recall any websites that detect i am using my phone and rely on a true “second factor” aside from enterprise applications where i got a hardware yubi key.

[marcrosoft]

It is called 2 factor or multi-factor authentication. It should be something you know (password) and something you have (device). Storing totp with your password defeats the entire point of it.