Yep exactly. Authentication is primarily handled with session data, so passwords never leave your device, but we also support setting secrets.
Here is more info on auth and security: https://docs.autotab.com/manual/security
For 2FA, different users take different approaches. Everything from teaching Autotab to pull auth codes from their email, to setting intervention requests at the top of their skills, to enterprise integrations that we support with SSO and dedicated machine accounts.