True, but last I checked, Google Authenticator and other similar apps (except maybe Authy or password managers) would refuse to upload or backup keys to iCloud Backups for odd reasons. Presumably they wanted the same sort of identity properties that something like Touch ID has, and thus would be solved by having more than one ID.
Unfortunately most people have only one phone, so that didn’t work until options came along where you could add more than one token/device instead as backup.
Oh no, the string and/or QR code should be backed up when one is setting up the 2FA.
If you have that seed phrase, & any device with correct time can calculate the TOTP code, even a simple local javascript app.
Obviously that phrase leaked would mean hacker can also generate codes. So that's why those phrases should be kept extra safe, away from normal passwords.
Just like any other password or data, 2fa strings also need to be backed up, like in a password database (separate from the usual one).