The main problem I have with TOTP (what you're using when you use Google Authenticator) is that the migration path doesn't exist when you get a new phone. This article complains that users are trying to mitigate this problem, but doesn't seem to give any solutions.

It's entirely plausible you might have 20 accounts set up using TOTP on your phone.

If you now buy a new phone (which users might be doing once every 18-24 months), you need to log into each account and generate a new TOTP key and void the old. That's a couple of hours' work.

Now, what if you lose your phone?

You now have to recover 20 accounts, which will take several days, and it's very possible you won't be able to recover at least one.

The common response is "Oh, you should keep one-time keys somewhere". Right, 20 * 10 one-time keys in a single centralised location, and make sure to update them to keep them valid. I thought we were trying to stop people writing their passwords down and storing them next to their computer?

Edit: I'm not sure "treat your TOTP keys like passwords and store them" is setting a very good example. Why are we developing systems that use TOTP if we are encouraging users to treat them like passwords, undoing the vast majority of the security benefit?

Why use GAuth and not AndOTP and do backups to a synced folder?

https://play.google.com/store/apps/details?id=org.shadowice....

+1 on AndOTP.

It's also available on f-droid [1] and of course open source [2].

[1]: https://f-droid.org/en/packages/org.shadowice.flocke.andotp/

[2]: https://github.com/andOTP/andOTP