> 2fa using an app that exists on the same device -- a second factor that secures nothing
2FA on the same device secures against your login credentials becoming known to another party, e.g. by fishing, password reuse, database leaks, etc., which are real threats. It is not meant to protect against someone being in possession or full control of your unlocked device, which is of course also a real threat, though possibly less common.
2FA on the same device secures against your login credentials becoming known to another party, e.g. by fishing, password reuse, database leaks, etc., which are real threats. It is not meant to protect against someone being in possession or full control of your unlocked device, which is of course also a real threat, though possibly less common.