Should a 2FA app require authentication to grant access to 2FA tokens?

I don’t know the theoretical background for 2FA so I’m asking here.

I’ve used a few 2FA apps before including Duo Mobile and Steam Mobile (Guard). When Duo is opened, it will display your tokens as you expect, but with Steam your Guard token is displayed wether you are logged in or not. The Guard behavior caught my attention because I was expecting to need to be logged in first to see the token, since the token is tied to my account unlike with Duo where services are registered for use. That being said, Duo could use a master password (a la LastPass) so further protect the tokens.

So my question is do the workings behind 2FA (mobile apps specifically) consider if a user should be authenticated on the 2FA app to get access to tokens?

My theory is the security level is the same as SMS 2FA, where you can assume only the real user can access tokens because they know the phone’s lock screen pin. In this system, the phone is the authenticator and exclusive access is granted by knowing the lock screen pin. But with 2FA apps, the app is the authenticator, but has no way to provide exclusive access. Anyone with access to the app (imagine a shared phone where 2+ people know the lock screen pin) can access the tokens.

Are there any models of operating systems which don’t require rings of privileges, that are also secure?

I am working on a simple operating system in JavaScript and have noticed that there are two kinds of processes: the “main” process (or “kernel” process), and all the other processes. Basically they are implemented completely differently (which makes sense). But I’m wondering if you could reuse some of the logic and just have it all be one type of process. Do any operating systems do this? If so, what do they do? If not, why not?

Does every potion require an Action to consume?

The PHB description of a Potion of Healing states:

A character who drinks the magical red fluid in this vial regains 2d4+2 hit points. Drinking or administering a potion takes an action.

(emphasis mine)

My question is does this final sentence apply to all potions or just healing potions.

The DMG Description of a Potion of Healing does not explicitly specify that it requires an action to drink or administer.

The DMG p. 141 states that:

If an item requires an action to activate, that action isn’t a function of the Use an Item action…

But the “if” there clearly implies that there are magic items that do not require an action to activate.

The section on consumables on the same page says nothing about how long an item takes to activate.

We know that one could, for example, “drink all the ale in a flagon” as a free object interaction (PHB p. 190) but we know that a Healing Potion, at least, is an exception to that rule and always requires a full Action to consume.

This came up at the table with a potion of fire breathing. I made an at-the-table ruling that since healing potions require an action to consume, that one would as well. But is there clear guidance somewhere in the rules that I’ve missed? Or are we meant to take the final sentence of the PHB description of a Potion of Healing as the general rule?

Does Mage Hand require line of sight to summon?

I’ve seen many questions asked about whether or not you need to be able to see your Mage Hand in order to control it. However, can Mage Hand be summoned through a wall or other such obstruction? Mage Hand’s description states (PHB pg 256):

A spectral, floating hand appears at a point you choose within range. The hand lasts for the duration or until you dismiss it as an action. The hand vanishes if it is ever more than 30 ft away from you or if you cast this spell again.

The part I’m interested in is “a point you choose within range”. So that brings me to my question: can you summon a mage hand at a point you cannot see? For example, on the other side of a wall or door; a point you know exists, but you simply cannot see from where you are.

Here’s a hypothetical situation to hopefully help clarify my question. Say a caster needs to get into a room, but the door is locked. The caster wants to cast Mage Hand behind the door to then unlock it from the other side. Could they do that?

Does a cantrip fired with the Ready Action require concentration?

The SRD states the following for the Prepare action:

First, you decide what perceivable circumstance will trigger your reaction. Then, you choose the action you will take in response to that trigger, or you choose to move up to your speed in response to it.

When you ready a spell, you cast it as normal but hold its energy, which you release with your reaction when the trigger occurs. To be readied, a spell must have a casting time of 1 action, and holding onto the spell’s magic requires concentration.

It explicitly states that you can use this to cast a spell. Can you use this to cast a cantrip as well? To me it sometimes seems unclear whether a cantrip is considered a 0th level spell for these scenarios.

Furthermore, does this also require concentration for the cantrip, even if it does not normally require concentration?

Do any desktop PC motherboards require hardware token authentication?

Scenario: I am assembling a desktop computer. I buy an ASUS XYZ motherboard because it will not run — or, even better, its running state cannot be altered, short of pulling the plug — without hardware token authentication. The XYZ motherboard comes with two YubiKeys. If I lose those, I can buy additional copies from ASUS, after posting bond and passing a DNA test.

I’m kidding about the DNA test. Or maybe not. The question is, does anything like the ASUS XYZ motherboard exist?

A prior question initially appeared to be seeking the same information, but its focus on laptops seems to explain its apparent satisfaction with a software solution oriented toward data encryption (e.g., Sophos SafeGuard Easy).

Do magic staves require the wielder to have their spells on his/her list in order to cast them?

All of the magic staves in the 5E DMG simply state that the wielder can use an action and expend 1 or more of its charges to cast one of the spells from it. Literally none of them require the spell to be on the caster’s spell list.

But a few of the magic staves from the Lost Mines of Phandelver–the Staff of Defense and the Spider Staff–specifically say “if the spell is on your class’s spell list”…is this a typo? A new addition to the rules on magic staves? Or just something specific to these particular staves (for some unknown reason)?

Does poking yourself with a needle with the intend to do damage require the Attack action, or can it be done as a (free) object interaction?

Does poking yourself with a needle hard enough to cause damage require the Attack action, or can it be done as a free object interaction?

This task is certainly no more involved than opening a door, which is the example of an object interaction in the PHB. Also, having your player do an Attack roll for such a trivial thing feels ridiculous. However, this would provide an easy way to sustain your rage when you cannot attack or are not attacked.