Allow disabling the TOTP authenticator without affecting WebAuthn devices

It would be nice if TOTP authenticator could be disabled without causing the de-registration of the WebAuthn devices.

A more granular and better separation between both would be good. Currently, WebAuthn devices can be disabled individually, without affecting the TOTP, but the opposite is not true.

The above situation is an artefact of the past, when WebAuthn device registration required first a TOTP. With the elevated role of WebAuthn devices a better parity would be great. See Remove OTP from being required before WebAuthn ... (#378844 - closed)

Current way to disable TOTP: