by arubania2 1525 days ago
> bigger things to worry about

Do you mean things like seeing your photos?

If your 2FA is not stored on the same machine then the attacker won’t be able to log into your bank / brokerage account, and that’s something I consider the main thing to worry about.

2 comments

Important documents, source code, emails, ssh keys, you name it.

If your machine is compromised, it’s game over. What’s to stop an attacker intercepting your 2FA codes by swapping out login pages for services you use?

TOTP via PW manager is safer for most people than SMS-based 2FA. Having your login codes on a separate device is better still but it’s a trade-off with convenience. For some people that won’t be worthwhile but then it’s a question of threat model.

> swapping out login pages

Hmm, you’re right, I didn’t think of the scenario when they would give you the machine back in a tampered state.

I was gonna reply “well just wipe it once you get it back” but that assumes that I know it happened, so I’m still susceptible to the evil maid attack and such.

Also fully agreed with the last paragraph.

If a hacker is in your system enough to get TOTP keys, they can also just pay themselves from your bank account after you log in.