"Something you have"- the computer that you are on. You would only store your authentication information on one machine running the virtualized camera auth system, just as it would be stored on your otherwise-separate smartphone. An attacker would not just have to get access to "a computer"- they'd have to get access to the computer that can authenticate as you. This is little different from requiring an attacker to get access to the smartphone that can authenticate as you.
If you have a key on the system you are on, just use it. Your complicated system of barcodes and virtual scanners adds nothing but complication to what was already a secure system. Or the system wasn't secure, and you can't use the insecure system to validate the security of the insecure system.
You and thedufer aren't doing this right. You see one objection, then bend the system to meet it, then see another objection, then rewrite the system to meet that, then so on, never considering the whole picture. You can't do security that way. You have to do it holistically. The whole system that you come up with has to be simultaneously secure against everything, and also needs to be the best possible solution. If you're looping a design around trying to solve one problem at a time (and not necessarily all that well) you've already lost.
