Hacker News

TOTPs are inherently less secure than many of these proprietary solutions (they don't offer control over where people store them and whether they create backups of them, for one thing), so I do somewhat understand companies preferring those.


I agree that "TOTP with user held keys offer relatively more control to the user than to the organization," but I would never call this "inherently less secure."

Just a different kind of insecure.



