2fa does not appear to be working except on the web client

1. I set up 2fa on a new account. Logged out of the web client and then logged back in. Works as expected--authentication is required after entering my credentials, and my TOPT is requested and works. Great.
2. Then I created dedicated app passwords for Thunderbird/IMAP, webdav and DAVx5.
3. Thunderbird, webdav, and DAVx5 all reject the dedicated app passwords I created, but they DO accept my regular password without any issue (and without any 2fa).

It is not the expected behavior that I can log in to IMAP and DAV services with my normal password. It renders having 2fa meaningless!