google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0

Feature Request: push notification sent to the mobile application anytime the user is prompted for a 30-second TOTP code. #150

Closed ThomasHabets closed 8 years ago

ThomasHabets commented 10 years ago

Original issue 151 created by OrtusDux on 2012-03-19T16:53:33.000Z:

Pros:
- In normal usage, the user should never have to manually open the app.
- Malicious login attempts would be immediately noticed by the account owner.

Cons:
- Confusion with multiple devices.
- Phone usage interruptions.

Above and beyond:
- A 'lock down my account' or 'report suspicious login attempts' button in the app could help Google flag IP addresses of hackers in a fashion similar to the report spam button in Gmail.

tldr: I would love it if the passcode prompt pushed open g-authenticator as smoothly as sending map directions over chrome2phone opens gmaps.

ThomasHabets commented 10 years ago

Comment #1 originally posted by goatencopyrighted on 2013-06-03T00:38:34.000Z:

On a new phone you can't bloody log in to your Google account because the app isn't installed and you can't access SMS if choosing "Don't have your phone?" option before the initial phone startup tutorial. Omfg so annoying

ThomasHabets commented 10 years ago

Comment #2 originally posted by ParkerKuivila on 2013-11-22T23:46:10.000Z:

The Twitter app does this for their two step authentication. In terms of the cons you give

1) I don't see how there would be confusion with devices, all the devices should generate the same code
2) Interruptions: You can always disable notifications, and people can continue using the app as they do now

I see no reason this shouldn't be implemented.

ThomasHabets commented 10 years ago

Comment #3 originally posted by thejonesyboy on 2014-03-12T05:44:52.000Z:

The Facebook app does this perfectly. It provides a push notification that opens the Facebook Code generator app. C'mon Google keep up!

ThomasHabets commented 10 years ago

Comment #4 originally posted by davidworkman9 on 2014-03-27T15:36:38.000Z:

If this was implemented you could simply have a deny/allow button on the mobile app instead of having to enter a token.

jimi008 commented 8 years ago

This will be a nice and helpful feature if added in the app. Recently LastPass added this type of feature in their authenticator. +1

akerl commented 8 years ago

The google auth app just implements HOTP/TOTP; the server has no way to know what device you have or how to communicate with it. And there's not a challenge it could send over the wire, since the whole algo is based on symmetric keys.
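The point made in the comment above, as an added example that is not part of the thread or the project's code: a minimal RFC 4226/6238 implementation in which the phone and the server each derive the code from the shared secret and the clock alone. The secret is the RFC 6238 test key; `server_verify` and its `window` parameter are names chosen for this sketch.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (SHA-1 variant); stands in for an enrolled key.
SHARED_SECRET = b"12345678901234567890"
STEP = 30  # seconds per code


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / 30). Runs offline on the phone."""
    return hotp(secret, unix_time // STEP, digits)


def server_verify(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server side: recompute codes for nearby time steps and compare.

    The only inputs are the stored secret, the clock and the typed code. There is
    no device identifier and no challenge, so nothing here could address a push.
    """
    counter = unix_time // STEP
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue  # no time step before the epoch
        candidate = hotp(secret, counter + drift, len(submitted))
        # Constant-time comparison; keep looping so timing does not reveal the drift.
        ok |= hmac.compare_digest(candidate.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    now = 1111111109  # timestamp taken from the RFC 6238 test vectors
    phone_code = totp(SHARED_SECRET, now, digits=8)
    print(phone_code, server_verify(SHARED_SECRET, phone_code, now))
```
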

ThomasHabets commented 8 years ago

Like akerl said, this is not a GA feature request, but a feature request for the services you log in to.

And it looks like Google has released this earlier this year:

http://googleappsupdates.blogspot.com/2016/06/new-settings-for-2-step-verification.html
https://www.neowin.net/news/google-takes-the-pain-out-of-two-step-verification-with-new-push-notifications

Closing.

ebauch commented 6 years ago

Please make this happen - my two factor auth works flawlessly with other accounts and push notifications but not GIT?!

ThomasHabets commented 6 years ago

There is nothing more to be said that adds value after my last comment. I'm locking this issue.