Comment by coppsilgold

> I think this as a mid-step of smooth transition from plain-text passwords to secure keys.

This is not what I meant. Storing the TOTP next to the password means you don't really have 2FA as it's a single point of failure. Still better than nothing especially when the objective is what I stated in the first paragraph.