• humuhumu@lemm.eeOP
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    6 months ago

    Do you mean individual 10 second 6 digit codes?

    no, the underlying secret

    • NovaPrime@lemmy.ml
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      6 months ago

      Change your shit asap. Anyone who has access to it can theoretically auth as you on any site or product that uses that 2fa setup. They would still need to have your underlying credentials that would initiate the 2fa protocol exchange anyway, but if they have access to your underlying 2fa secret, its not too far fetched to believe they may have other credentials potentially, depending on how you’ve secured the access and where you store your credentials. To be safe and not paranoid, it’s best to just do a root trust rotation and cycle the underlying auth creds