Yeah it's a mess when you recommend duo/authy not clear TOTP or internal system. It's a second factor but not the one that's worth implementing: basic link to email has same security and costs $0
Its true that push2factor have some disadvantages, but it has one really strong advantage above pure TOTP: phishing dosnt work as the 2factor is send directly to the site and cant be mitmed at your terminal. Read about it.
I still think it's a second factor. Only a third party might have access to the factor too, like SMS codes/3DSecure.