Not if your TOTP codes are generated by another device, then the attacker needs your password, plus the device holding the key for TOTP. If you use it on your phone and authenticator is your phone then a theif has everything when they steal your phone. Hardware key for TOTP is a better 2FA method as its totally separate from your PC or phone