Hacker News
by pilif 4118 days ago
>I recommend looking at running a 2FA app on your laptop or desktop

I very strongly recommend against doing this: If you do that, you are giving up a lot of security provided by that second factor as the malware you are using 2FA to protect against now also has access to the keys used to create the 2FA token.

3 comments

This is a fair point of course, but running it on a second laptop is probably more secure than running it as a mobile app. You wouldn't run it on the same machine you are pushing production code out from; it could be a personal laptop with no access to company systems. I didn't make this point clear in my original comment though.

If you have malware, it can also act as a proxy requesting your codes and forwarding them (e.g. to disable 2FA). 2FA protects against password theft.

If your machine is compromised, it's over.

You're assuming the laptop has malware installed capable of pretty unrestricted access. At that point, all bets are off.

It can just forward code, relay cookies, etc. 2FA protects against someone peeking at your keyboard, or reused passwords, not malware.