Curious, which apps seem to be affected? Anecdotally, I hadn't seen any issues on my phone this morning with anything asking for a password, but on my laptop I did see a login prompt when i woke it from sleep.
While this comes too late to help you right now, I recommend looking at running a 2FA app on your laptop or desktop like this - https://github.com/gbraad/gauth so that you are not in this situation again.
Either that or grab a cheap Android handset and use it as a backup. The standard 2FA app on Android needs nothing more than occasional network connectivity to keep the clock in sync. You don't even need a Google account, the app is on FDroid.
Cloudflare is huge and many of us rely on it, so I hope you can easily avoid this predicament in the future - good luck!
>I recommend looking at running a 2FA app on your laptop or desktop
I very strongly recommend against doing this: If you do that, you are giving up a lot of security provided by that second factor as the malware you are using 2FA to protect against now also has access to the keys used to create the 2FA token.
This is a fair point of course, but running it on a second laptop is probably more secure than running it as a mobile app. You wouldn't run it on the same machine you are pushing production code out from, it could be a personal laptop with no access to company systems. I didn't make this point clear in my original comment though.
"DISCLAIMER: This open source project allows you to download the code that powered version 2.21 of the application. Subsequent versions contain Google-specific workflows that are not part of the project."[0] The Play Store version is 2.49[1], but I also don't know what "Google-specific workflows" really entails.
If you're really desperate: When I last checked, Google Authenticator's keychain entries were not marked "this device only", so they can be extracted from an encrypted backup using something like "iphone-dataprotection" tools.
