your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.
This doesn't make any sense. The client (software) also have to know the same formula -- the one that is in your head -- otherwise how does the software check if your number is correct?
2FA doesn't work with decentralized system. It works when there are two parties, one is a server, and the second one is your phone, both have the same
secret and can verify the code generated by the same shared secret. What you are saying makes no sense, as you and the software you are using must have the same formula on the same machine. That doesn't add any security.
Not impossible, just different.
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
Then someone with my phone cant use my nxt unless they have my qr code also, 2 factors of authentication.