I agree that using a pw manager and 2fa is great. But in this particular case couldn't it be a nightmare?
You don't have your 2nd factor device (phone) and someone else has access to it and presumably an email account too?
I guess they may still need the device's unlock code (PIN/finger print) to do more serious damage, but it'd be rough if you're trying to change your passwords, but can't because you are out your 2FA device. All the while the attacker is able to reset your accounts/passwords.
You don't have your 2nd factor device (phone) and someone else has access to it and presumably an email account too? I guess they may still need the device's unlock code (PIN/finger print) to do more serious damage, but it'd be rough if you're trying to change your passwords, but can't because you are out your 2FA device. All the while the attacker is able to reset your accounts/passwords.