In a few weeks I’ll do a workshop about security for people who are tech illiterate, I plan to teach about password managers and 2FA.
If I show the 2FA number codes, like the 123 456 ones that I have to paste when required, can that be a possible security breach for me? or is it save since is gonna change in a few seconds anyway?
It’s as safe as “leaking” an encrypted document. No one can figure out your TOTP secret unless they brute force it with only a leaked code or two. But if it worries you, you can always change your TOTP secret by going through 2FA setup again.
Also, even if someone knows your second factor, they still need your first factor (your password).