Sep 12 2022 12:26 AM
When I sign in with 2FA at my desktop, I need to wait for the push message to appear in the Authenticator app. It would be very convenient to click to submit login at the desktop and at the same time approving login in advance at the device. This removes the wait time for 2FA and makes 2FA login faster overall.
The approval at MS Authenticator should be valid for one login during the next 10 seconds.
Sep 12 2022 01:13 AM
Sep 12 2022 01:53 AM
@Tanya Dentonas long as the confirmation is bound to the time of my login and is done at the device I own I would still consider it 2FA. I suggest two allow confirmation in advance for the next X seconds (maximum of 10 seconds).
Comparison with current process:
Currently I confirm login at my mobile device after I logged in. An attacker could watch me and trigger login shortly before I do and I would confirm attacker's login.
Current confirmation could be more secure but isn't:
The user could have some information about the login device (e.g. operating system and IP based region) but this is currently not displayed when confirming login.