Comment by swiftcoder
3 hours ago
> Yes, but also plain guessing since passwords are usually chosen by the user and not generated by the server like TOTP secrets.
If we were talking about a >256-bit secret, I'd buy this, but in the human-calculated case I don't see how it actually helps with this, because you've substituted a ~8 character password for a 6 digit number, which is significantly less search space to brute-force.
> Also phishing attacks tricking users into entering their passwords in fake login pages
Yes, this is more or less a subset of the "keylogger/insecure login page" case.
> and stolen password databases
There's still a server-side TOTP secret database to be stolen, no? And normally that would be hard to reverse-engineer the actual secret from, but again, you've shrunk the search space down to 1,000,000 entries, which is trivial to brute force.
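As an added example (not part of the comment or the thread), the two search spaces the comment contrasts, worked through against a real TOTP implementation: an RFC 6238 verifier using the RFC's published 20-byte test secret, an online attacker that enumerates the 6-digit code space for a single 30-second window, and the same attacker against a verifier that locks the account after a fixed number of failures. The attacker loop, the `make_verifier` helper and its lockout threshold are constructed for illustration and do not describe any particular server.

```python
import hashlib
import hmac
import math
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second window."""
    return hotp(secret, unix_time // step, digits)


def make_verifier(secret: bytes, unix_time: int, max_attempts=None):
    """Constructed server-side check for one fixed window.

    With max_attempts=None every guess gets an honest answer (no throttling);
    otherwise the account locks after that many failures. The threshold is an
    assumption for this example, not taken from any real server.
    """
    expected = totp(secret, unix_time)
    failures = 0

    def verify(code: str) -> bool:
        nonlocal failures
        if max_attempts is not None and failures >= max_attempts:
            return False  # locked out: the oracle stops answering
        ok = hmac.compare_digest(code, expected)
        if not ok:
            failures += 1
        return ok

    return verify


def brute_force_code(verify, digits: int = 6):
    """Online attacker enumerating all 10**digits codes for one window.

    Returns (code, attempts) on success, or (None, 10**digits) if the
    verifier never accepts (e.g. because the account locked first).
    """
    for guess in range(10 ** digits):
        code = str(guess).zfill(digits)
        if verify(code):
            return code, guess + 1
    return None, 10 ** digits


def search_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of candidates a guessing attacker must cover."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 SHA-1 test vector secret (160 bits)
    print("6-digit OTP:         %.1f bits" % search_space_bits(10, 6))
    print("8-char printable pw: %.1f bits" % search_space_bits(95, 8))
    print("stored TOTP secret:  %d bits" % (8 * len(secret)))
    code, n = brute_force_code(make_verifier(secret, 59))
    print("unthrottled server:  found %s after %d guesses" % (code, n))
    code, n = brute_force_code(make_verifier(secret, 59, max_attempts=5))
    print("lockout after 5:     %s after %d guesses" % (code, n))
```

The secret stored server-side is the 160-bit HMAC key, so a stolen TOTP database is a 2^160 search for the key; the 1,000,000-entry space is the per-window code, which only an online guesser who gets a verdict for every attempt can enumerate, and the lockout variant shows that search stopping well short of the right code.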