210
Can I refuse MS Authenticator?
(lemmy.ml)
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
If it is just the location, then it could be spoofed.
If it is something that requires physical presence, then you need both devices to communicate with each other. If it is not done via QR code (like some online banking do), then both devices need to be connected, e.g. via WiFi or Bluetooth. In this case, if an attacker controls one of the devices (that's the class of attacks 2FA should prevent you from), the attacker probably controls both devices. So what's the point then?