RE: How Trustless and private is using Light Client with an API provider
Regarding the 2 of 2 multisig 2FA model, what else can be compromised besides day to day wallet funds?
What exactly do you mean by compromised? In the scenario we are discussing, I assume that to mean having the capability to do irreversible damage.
Assuming the user's active key is safe, the 2FA provider can only deny access to but not really compromise their account. And if the user has set up the owner authority properly so that they have full control, that access denial is temporary. The user would have to fetch their cold storage brain key to sign a transaction using the owner authority to remove the 2FA provider from the active authority set and get back full control of their account with no funds lost.
If some attacker compromised the user's active key (say by hacking the computer that they use the client on), then the user's funds could be compromised as long as the 2FA provider was also colluding with the attacker, which is unlikely to happen. Even in this worst case scenario, assuming the user has set up an owner authority with proper cold storage keys, the user would still be able to recover access to their account (meaning they keep their account name) even if all funds were stolen.
Thank you arhag, added to the FAQ.