There are strict rules about proper 2 factor authentication that you must pick two out of the set of 1) Something you know, 2) something you have and 3) something are. Most compliance frameworks require the "pick any two" but not two of the same.
Mathematically most of the "Something you have" turns out to be "something you know" and if that can be shared in any way such as restoring it to a new phone. All that you have done is doubled down on the "something you know" even if what is known is too much for more people to remember. One of the key bits of "something you have" is that it needs to be unique. Once you can duplicate a token system on a phone for example, that fits in as something known, not something held and should be treated as a hopefully strong password sorted in a password vault.
A major issue with 2fa, is that all the old systems stuff needs to be tied in and most of the newer solutions just can't be made to work with older hardware which introduces major weaknesses in the total system. If the corporate phone systems is controlled by 4 digit pin or a core router can be asked to shift packets around where they aren't meant to go, the rest of the system might have already been compromised.