If you’re setting up Passkeys like this, it isn’t 2FA. It’s more secure 1FA than passwords, but it is still 1FA.
If you set up Passkeys or hardware keys as 2FA, then it is more secure than TOTP.
In terms of theoretical security:
Password + Passkey (2FA) > Password + TOTP (2FA) > Passkey (1FA) >> Password (1FA)
In terms of phishing protection (more relevant for most people):
Password + Passkey (2FA) > Passkey (1FA) >> Password + TOTP (2FA) > Password (1FA)
(“Passkey” above simply refers to any WebAuthn credential because different companies define “passkey” differently)
Edit: When I say “Passkey (1FA)” above that assumes the passkey is not set up as 2FA on its own (see below). If your Passkey is configured to always require a PIN or biometrics, then it is at least equivalent to “Password + Passkey (2FA)” in my ranking above, not worse.