Right, what is described in that link is reasonable; none of those seem to have a reasonable chance of accidental approval (even so, I wouldn’t want them to appear without me entering my password), but that’s not what I got. While I doubt I personally would accidentally approve the 3-number one I got, I can easily imagine someone doing it.
This kind of thing is what I got: https://janbakker.tech/number-matching-with-microsoft-authenticator-app-in-azure-mfa/ In the picture on that site it’s also one fat-finger from granting access to an attacker should it have been someone else. EDIT: To be fair, this is 2 clicks on what I get; doesn’t change much though.
Also, about the far-away IP thing: I get this everywhere I try to log in. I tried my main PC and a separate PC on VPN in 3 different locations; not once did I have to enter my password for the prompt to appear on my phone.
I was gonna say, contrast this to Steam, where I have to enter my username and password and only then get prompted to enter a 6-digit code from the phone on the PC where I want to log in. But they seem to have done away with the code for convenience (I assume) as well. Anyway, it’s still better because I have to enter my password for the prompt to appear, so I know that if it does appear my password is compromised (what I assumed had happened for my email). Add to this that Steam also has a QR code you can scan with your phone for instant login without entering your pass or username, so they win on convenience anyway.
Yeah, thanks. I found that I could disable it by disabling the entire authenticator app (still 2FA with other email/SMS), but there seems to be no way to have it so you need to enter a password for the prompt to appear though. And regarding convenience, see the end of my other comment about Steam. It’s doable without sacrificing significant security.