Mostly what they said.
So to clarify the question about account … a given authentication app can hold the shared key for many, many different web sites or other things that need 2FA to login on. Each shared key is therefore named in some way, so that you can keep track of what keys the app is storing and identify the right key for a given login. (This is not dissimilar to the way that the Gnome Keyring app works i.e. a keyring holds a zillion keys and each key therefore has to be given a name.)
If anyone needs help converting between QR code and shared key, it’s not that subtle or complicated, although as with most things some app writers introduce proprietary features that then may not be recognised by other apps.
Definitely not broadcast. I’m using a hardware token for TOTP and I am quite sure that it is not hacking into my WiFi in order to communicate with the internet, either transmit or receive.
Using TOTP, once the web site and the app / token have a shared key, as one-off initial configuration, then every 30 seconds (default, may vary) they can each guarantee to generate matching 6 (default, may vary) digit numbers forever. No communication of any kind is needed.
I’ll provide the link for RFC 6238 in case anyone wants some bedtime reading.