Hi,
I adore the idea of the TFA for connections feature but it seems it's device specific? If I replace my phone will I ever be able to connect to hosts I have TFA for connections set up on without physically traveling to the computer in question to clear the old device? Many of the computers I connect to are not easy to physically access. It seems like I'm going to create a nightmare situation when I replace my phone. This makes the TFA for connections a MAJOR liability and frankly unusable. It doesn't seem very well thought out to be honest. I have over a hundred PCs I connect to and the thought of setting this up and then replacing/losing my phone makes my skin crawl. Not even considering the hot mess physically logging into each host individually and setting it up again will entail. (Also not to mention I have to log in and set this up manually on EACH one to begin with??)
Why not a prompt for the standard authenticator code as an option on the device you are connecting from and the standard Approve/Deny prompt on setup devices?
Also, why is there no ability to universally allow a TFA approval device on your account? It seems this can be done without compromising the integrity of the TFA mechanism.
If I am understanding functionality correctly this is a feature that should not be released in the public channel until it is properly developed. It is setting people up to be unwittingly locked out.
Am I off base here?