Nice Article but the App does have issues, when using the authenticator on a personal account I've been receiving push notifications requesting verification that clearly aren't from me and it has become more frequent, it is an annoying ritual to deny or ignore these request. I'm guessing they are hoping I'll make a mistake and accidently grant access. Also the Authenticator doesn't log these failed\denied push notifications to recent activity so it is difficult to figure out the source of these requests.
So basically I can potentially get push notifications all day long from a bad actors. I would also like an option to limit push notifications so when accessing a new device a email plus a short secret is required (visible in the App) before the notification is sent. This way I won't get harassed by bad actors, which is starting to make this application more of burden then a blessing.
Please log failed\denied attempts to recent activity. I also noticed the logging in recent activity on a personal account isn't very robust, a number of times the machine I log into didn't show up in the logs, the logs contain 2 events, the authenticator and the machine, I'm not sure is intuitive to have 2 events for each sign-in, or at least label it as the authenticator instead of Browse\App Unknown. If the recent activity logs aren't accurate or confusing it makes them hard to trust.