MS Authenticator feature proposal: Approving authentication push requests in advance

Copper Contributor

When I sign in with 2FA at my desktop, I need to wait for the push message to appear in the Authenticator app. It would be very convenient to click to submit login at the desktop and at the same time approving login in advance at the device. This removes the wait time for 2FA and makes 2FA login faster overall.

The approval at MS Authenticator should be valid for one login during the next 10 seconds.

2 Replies

@Tanya Dentonas long as the confirmation is bound to the time of my login and is done at the device I own I would still consider it 2FA. I suggest two allow confirmation in advance for the next X seconds (maximum of 10 seconds).

 

Comparison with current process:

Currently I confirm login at my mobile device after I logged in. An attacker could watch me and trigger login shortly before I do and I would confirm attacker's login.

 

Current confirmation could be more secure but isn't:

The user could have some information about the login device (e.g. operating system and  IP based region) but this is currently not displayed when confirming login.