by microtonal 713 days ago
But there are other scenarios where your password could be stolen without someone getting access to your 1Password, for instance if your connection isn't protected and a man in the middle can intercept your password.

Then they could also intercept your TOTP code, which is valid for a pretty long time by default (remember that the TOTP code is accepted for some time after the counter goes to 0 to account for transmission delays, slightly out of sync clocks, etc.) and use that to log into your account.

TOTP does not protect against modern forms of phishing. You need something like FIDO2.


That's a very valid point, as an automated attack could then be performed. I guess it would at least help against an attacker that would be manually checking what's inside the packets captured, or that would let his attack passively capture everything for a while and then proceed to attack.