This inherently (and, I suppose, this is the purpose) ties an account to a phone number or a device.
It doesn't. In the case of Google Authenticator and similar apps, it ties it to a
key (used to generate one-time codes) stored on the device. You can transfer it to other devices, or even run the app on your PC, though that kinda defeats the purpose (which is that a keylogger doesn't have access to everything needed to access your account, the key being on another device).
I just don't understand why one would want a .onion site and *not* be anonymous.
Sometimes the
operator of the website has no need to be anonymous, but wishes the
users to be. For this reason, there is currently some development on "direct onion services" which are faster but not anonymous for the operator.