> I should never be in a situation where there is an unexpected login I need to verify.
replyIsn't that kind of the point? If someone else is trying to login somewhere with your credentials, your two factor will ping up?
Why would I want that? If it is not me, I am not going to allow the login. Making it a notification makes it more likely I could fat finger an approval.
replyI guess you can make the argument that you are then made aware of login attempts, but that feels more like something the host service should control.