Stealing watches is pretty trivial if you practice. But also TOTP is just more inconvenient than, say, the Microsoft Authenticator with biometric confirm and server push, or a token you just press that's near your computer or phone. The fact that these can also help defeat phishing is just one more benefit.