In a few weeks I’ll do a workshop about security for people who are tech illiterate, I plan to teach about password managers and 2FA.
If I show the 2FA number codes, like the 123 456 ones that I have to paste when required, can that be a possible security breach for me? or is it save since is gonna change in a few seconds anyway?
As you suspect, only during the sixty or so seconds that they are valid.
SMS-based codes tend to be longer lived.
They’re useless without your other authentication factors, e.g. login, password.