Change your shit asap. Anyone who has access to it can theoretically auth as you on any site or product that uses that 2fa setup. They would still need to have your underlying credentials that would initiate the 2fa protocol exchange anyway, but if they have access to your underlying 2fa secret, its not too far fetched to believe they may have other credentials potentially, depending on how you’ve secured the access and where you store your credentials. To be safe and not paranoid, it’s best to just do a root trust rotation and cycle the underlying auth creds
no, the underlying secret
Oh, well then they’re just you, per that factor like having your password
Change your shit asap. Anyone who has access to it can theoretically auth as you on any site or product that uses that 2fa setup. They would still need to have your underlying credentials that would initiate the 2fa protocol exchange anyway, but if they have access to your underlying 2fa secret, its not too far fetched to believe they may have other credentials potentially, depending on how you’ve secured the access and where you store your credentials. To be safe and not paranoid, it’s best to just do a root trust rotation and cycle the underlying auth creds