
This is the best way to go about this (the first line, the second line is rather variable). Phones didn't suddenly become a single point of failure, it's mostly middle-management combined with checkbox-security that ends up with SMS, TOTP and push-based confirmation factors. It's not the best way, but the easiest way to set things up.

To make matters worse, TOTP is easy to copy for 'backup' purposes, so it's really not all that good (but still orders of magnitude more secure than SMS), but people are now actively encouraged to use multi-device TOTP like Authy, which practically invalidates it as a separate factor.

There are of course practical implications as well. Giving everyone a Yubikey is problematic due to cost, same with smartcards and readers at every workstation (the card isn't the problem; replacing everything with readers and changing the authentication system to accept smartcards is). RSA SecurID is expensive too, and essentially just TOTP. You could only use FIDO-enabled devices like the ones with secure enclaves, but that has the same problem as smartcards.

One thing that happens a lot around here is people carrying two phones, which doesn't solve anything but does shift the work/blame/cost onto the company because everything will have to be done on 'their' device. This is a bit impractical because now you're constantly walking around with two phones, or have to manage which phone you happen to have on you.

On top of everything else: all other second factors can be lost too, that is by design because it is supposed to be 'something you have'.



> all other second factors can be lost too

The problem is how the phone is irreplaceable and non-redundant, and not that it can be lost.


That is not really the problem, that is the symptom. Making it redundant makes the factor property moot. And while it might be hard to replace, it's not irreplaceable. One issue is that if you have 60 TOTP accounts on an app on a phone and you desire to replace it you'll end up with a keyring full of FIDO keys. Those are just as 'non-redundant' and 'irreplaceable' as the phone was.

The problem that causes the symptom is pass-the-audit mentality in the implementation of MFA. You have many options to make this "better" like picking any push, FIDO, U2F and TOTP method at authentication time. Lose 3 of those and you still have one available for the normal flow. And then there are backup codes that most people don't actually print and store because for some reason they are either unaware of it or believe that it will never affect them.
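The design the comment above describes, several independently enrolled factors plus printed single-use backup codes, as an added example that is not part of the thread. It implements RFC 6238 TOTP over HMAC-SHA1 and a hypothetical `Account` class (the class, method names and the 30-second drift window are assumptions for the example): each device gets its own secret, so revoking two of three devices leaves the third working, while backup codes are stored only as salted hashes and consumed on first use. The comment in `enroll_totp` also makes the earlier point about multi-device TOTP concrete: a copied secret yields identical codes on both apps, so the server cannot distinguish them.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, List, Optional, Set


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the default most authenticator apps use."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class Account:
    """Hypothetical account record (example only) holding several independent
    TOTP enrolments and a set of single-use backup codes."""

    def __init__(self) -> None:
        self.totp_devices: Dict[str, bytes] = {}   # device name -> its own secret
        self.backup_salt = secrets.token_bytes(16)
        self.backup_hashes: Set[bytes] = set()     # hashes of unused backup codes

    def enroll_totp(self, device: str) -> bytes:
        # Every device gets a fresh secret, so revoking one leaves the rest valid.
        # Copying a single secret to a second app (multi-device TOTP) would make
        # both apps emit identical codes; the server could not tell them apart.
        secret = secrets.token_bytes(20)
        self.totp_devices[device] = secret
        return secret

    def revoke_totp(self, device: str) -> None:
        # Lost or replaced device: drop only that device's secret.
        self.totp_devices.pop(device, None)

    def _hash_backup(self, code: str) -> bytes:
        return hashlib.sha256(self.backup_salt + code.encode()).digest()

    def issue_backup_codes(self, count: int = 10) -> List[str]:
        # Plaintext is returned exactly once for the user to print; only salted
        # hashes are retained, so a database leak does not expose usable codes.
        codes = [secrets.token_hex(5) for _ in range(count)]
        self.backup_hashes = {self._hash_backup(c) for c in codes}
        return codes

    def verify(self, presented: str, unix_time: int) -> Optional[str]:
        """Return the name of the factor that matched, or None if none did."""
        for device, secret in self.totp_devices.items():
            # Accept one 30-second step of clock drift on either side.
            for drift in (-1, 0, 1):
                expected = totp(secret, unix_time + drift * 30)
                if hmac.compare_digest(expected, presented):
                    return f"totp:{device}"
        digest = self._hash_backup(presented)
        if digest in self.backup_hashes:
            self.backup_hashes.discard(digest)   # single use: a replay fails
            return "backup_code"
        return None


if __name__ == "__main__":
    acct = Account()
    phone = acct.enroll_totp("phone")
    acct.enroll_totp("tablet")
    spare = acct.enroll_totp("spare-token")
    now = 1_700_000_000  # constructed timestamp for the demonstration
    print(acct.verify(totp(phone, now), now))      # totp:phone
    acct.revoke_totp("phone")
    acct.revoke_totp("tablet")
    print(acct.verify(totp(spare, now), now))      # totp:spare-token
    codes = acct.issue_backup_codes(3)
    print(acct.verify(codes[0], now))              # backup_code
    print(acct.verify(codes[0], now))              # None (already consumed)
```

The verifier tries every enrolled factor before falling back to backup codes, which is the "pick any method at authentication time" behaviour the comment argues for; a deployment that also accepts FIDO or push would add those as further branches in `verify` rather than as a replacement for the others.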



