Forum Discussion
MS Authenticator feature proposal: Approving authentication push requests in advance
When I sign in with 2FA at my desktop, I need to wait for the push message to appear in the Authenticator app. It would be very convenient to click to submit login at the desktop and at the same time...
would that not negate 2FA?
Tanya Dentonas long as the confirmation is bound to the time of my login and is done at the device I own I would still consider it 2FA. I suggest two allow confirmation in advance for the next X seconds (maximum of 10 seconds).
Comparison with current process:
Currently I confirm login at my mobile device after I logged in. An attacker could watch me and trigger login shortly before I do and I would confirm attacker's login.
Current confirmation could be more secure but isn't:
The user could have some information about the login device (e.g. operating system and IP based region) but this is currently not displayed when confirming login.
