• humuhumu@lemm.eeOP
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      6 months ago

      Do you mean individual 10 second 6 digit codes?

      no, the underlying secret

      • NovaPrime
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        6 months ago

        Change your shit asap. Anyone who has access to it can theoretically auth as you on any site or product that uses that 2fa setup. They would still need to have your underlying credentials that would initiate the 2fa protocol exchange anyway, but if they have access to your underlying 2fa secret, its not too far fetched to believe they may have other credentials potentially, depending on how you’ve secured the access and where you store your credentials. To be safe and not paranoid, it’s best to just do a root trust rotation and cycle the underlying auth creds