Not all the same flaws; malware will have a much harder time recovering it. Also, you can use a regular password to "semi-authenticate" with the call center of the service and try to get them to disable the second factor, but this PIN is only useful with physical access to the device.