
> I use two of these on a laptop and desktop and I have never unplugged them; there's no reason to.

I use a Yubikey for ${WORK} and we are required to remove such tokens as soon as they have fulfilled their purpose, on pain of disciplinary action, as it is considered on par with leaving a password on a Post-it.

Otherwise there's no point in them as an additional security step in the event that the laptop is lost or stolen.



If the laptop is stolen you can revoke it, and your password shouldn't be compromised at this point. And hacking through phishing is way more likely in any case (security keys protect against it while regular 2FA doesn't).


Additionally, if somebody removes the token, dumps a bunch of OTPs and then puts it back, as soon as you use the token once, it will invalidate all previous ones so their dump will be reasonably useless. I leave my key in my computer when I'm at my desk but have it attached to my keychain so that I take it with me if I leave my desk.
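The counter behaviour described in the comment above, as an added illustration that is not code from the thread or from Yubico: a model of the server-side replay check a Yubico OTP validation service performs, assuming the OTP has already been decrypted and only its session and use counters are compared. It also shows the caveat the comment leaves implicit: a dumped OTP is accepted if it is submitted before the owner's next legitimate use.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OtpCounters:
    """Counters carried inside a decrypted Yubico OTP (values constructed here)."""
    session: int  # incremented each time the key powers up (non-volatile)
    use: int      # incremented for every OTP emitted within one session


class YubicoOtpValidator:
    """Accept an OTP only if its (session, use) pair is strictly greater than
    the last pair accepted for that key; anything older is treated as a replay."""

    def __init__(self):
        self.last = {}  # public_id -> OtpCounters of the last accepted OTP

    def validate(self, public_id, ctr):
        prev = self.last.get(public_id)
        if prev is not None and (ctr.session, ctr.use) <= (prev.session, prev.use):
            return False  # stale or replayed OTP
        self.last[public_id] = ctr
        return True


KEY = "ccccccbchvth"  # constructed public id, not a real key


def dump_invalidated_by_owner_use():
    """Attacker dumps three OTPs; the owner then logs in once; all dumped OTPs fail."""
    v = YubicoOtpValidator()
    v.validate(KEY, OtpCounters(5, 0))        # owner's last login before the dump
    dumped = [OtpCounters(6, i) for i in range(3)]  # attacker's power-up session 6
    owner_ok = v.validate(KEY, OtpCounters(7, 0))   # key re-inserted: session 7
    replayed = [v.validate(KEY, c) for c in dumped]
    return owner_ok, replayed


def dump_used_before_owner():
    """Same dump, but the attacker submits one OTP before the owner's next login."""
    v = YubicoOtpValidator()
    v.validate(KEY, OtpCounters(5, 0))
    dumped = [OtpCounters(6, i) for i in range(3)]
    first_replay = v.validate(KEY, dumped[0])  # accepted: nothing newer seen yet
    owner_ok = v.validate(KEY, OtpCounters(7, 0))
    later_replays = [v.validate(KEY, c) for c in dumped[1:]]
    return first_replay, owner_ok, later_replays
```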


FYI, the nice thing with security keys is that you can't actually do that (dump a bunch of OTPs to use later).



