I strongly suggest not using TOTP, HOTP or similar MFA solutions based on a shared secret if security is important. It is basically the same as storing your password both at your provider and in your phone in cleartext. With SMS you have at least the possibility to do auditing when a token is generated.