I just read it again. Sorry, I don't see that explanation with respect to the procedure I described.

Proper 2FA requires I have access to two separate devices, in this case, my phone, and my desktop. If the cleaning person (if we had one) tries to sign into my desktop, they can't, and I get a notification. If I lose my phone and someone tries to sign in, they can't, because they aren't at my desktop.

Only if someone has access to both my desktop and my phone can they log in. (And any system that lets me sign in with just one device is not 2FA, even if it pretends to be.)

Nothing is perfectly secure. Proper 2FA is more secure.