I'll also go further and say you should be using a password manager, so even if you do end up getting scammed out of a login, they can't easily compromise your other accounts (obviously this depends on the kind of account being scammed).
A password manager with autofill will also help you avoid getting scammed in the first place. You may not notice that the domain is weird or the page is unsecured, but your autofilling password manager will. Of course, you need to listen to it when it says so, rather than trying to work around it!
I agree that using a pw manager and 2fa is great. But in this particular case couldn't it be a nightmare?
You don't have your 2nd factor device (phone) and someone else has access to it and presumably an email account too?
I guess they may still need the device's unlock code (PIN/finger print) to do more serious damage, but it'd be rough if you're trying to change your passwords, but can't because you are out your 2FA device. All the while the attacker is able to reset your accounts/passwords.
I'll also go further and say you should be using a password manager, so even if you do end up getting scammed out of a login, they can't easily compromise your other accounts (obviously this depends on the kind of account being scammed).
Use a password manager and 2FA whenever possible!