That's slightly better against people essentially accidentally letting attackers in, but still completely phishable by e.g. tech support scammers.
The big advantage of WebAuthN is that (at least for sane implementations, including all I've seen) there just is no way to enter an attacker-provided number and/or supply a displayed code to an attacker.