by nine_k 657 days ago
Do you mean, you don't print these rescue codes which every 2FA thing keeps nagging you about? You don't have a printout in your wallet, or in your folder with important papers? Not even as a secure note in your password manager?..

Nope, because I was grandfathered into it when Google switched it on for everyone without saying anything. You can still access Gmail and such; you just can't set up any more devices without having some kind of 2FA.

Now I have a hardware key. I wouldn't dare keep rescue key codes (which can't be revoked) in my wallet.

Can't you just use them to revoke them?

You can't revoke them if the paper is in the wrong hands, and you don't have normal access to your account. (Well, they are much like a password in this regard.)

It's just different risk profiles. Your biggest risk might be to drop your phone and lose all the 2FAs in a Google Auth app. Or your biggest risk might be losing your wallet to a thief or robber who is going to hijack your accounts.

I think the chances of the kind of person who steals your wallet also being able to leverage pilfered two-factor authentication codes to hijack your accounts are almost zero.