I think it's worth quoting from the Regulation of Investigatory Powers Act 2000 here, from section 50: Effect of notice imposing disclosure requirement. On the matter of having 2FA: (1)Subject to the following provisions of this section, the effect of a section 49 notice imposing a disclosure requirement in respect of any protected information on a person who is in possession at a relevant time of both the protected information and a means of obtaining access to the information and of disclosing it in an intelligible form is that he— (a)shall be entitled to use any key in his possession to obtain access to the information or to put it into an intelligible form; and (b)shall be required, in accordance with the notice imposing the requirement, to make a disclosure of the information in an intelligible form. Looks like if you have a 2FA key and it's on your person, that's fair game too - give it up or face the consequences. On the matter of giving someone else your 2fa key, the law is a bit more unclear: (3)Where, in a case in which a disclosure requirement in respect of any protected information is imposed on any person by a section 49 notice— (a)that person is not in possession of the information, (b)that person is incapable, without the use of a key that is not in his possession, of obtaining access to the information and of disclosing it in an intelligible form, or (c)the notice states, in pursuance of a direction under section 51, that it can be complied with only by the disclosure of a key to the information, the effect of imposing that disclosure requirement on that person is that he shall be required, in accordance with the notice imposing the requirement, to make a disclosure of any key to the protected information that is in his possession *at a relevant time*. (emphasis mine) This depends on what *at a relevant time* is actually defined as (something I can't find - anyone care to help?). Seems like it might buy you time, but nothing else. If they really want access, they'll get it.