cͣͨͣͪͧͣͭacahuatlA quick and easy way to undo many #infosec gains in end user security in recent years is to publish a Browser Plugin, JavaScript and PHP Library that, when given an image of a QRCode, produce the corresponding TOTP code. Optionally gives ones for future times too.
The browser plugin and phone apps would be called Advanced/Expert 2FA Manager. There would be a premium version of questionable value.