It’s a second password - not a bad thing, but still vulnerable to many categories as attacks.
totp is not a second password, it is immune to data/password leaks because it expires quickly
alt Hacker News
totp is not a second password, it is immune to data/password leaks because it expires quickly