In order to fight against 2FA bombing possibilities, I’d like to see Duo not only show the notification that a 2FA approval is needed, but it also show a two or three letter/number code on the screen of both the computer and smartphone to confirm that it was the specific login attempt I just did. I know it would be rare to be logging in at the exact same time as a hacker who happens to have stolen your master password, but I am sure it will happen someday when someone has hijacked my machine and is watching me type with a keylogger.

Dan

Welcome to the community BTW. I’m not sure if this will help but there was a recent post similar to this.

Hi @Dan_Shenk-Evans, thank you for posting!

Short answer: Yes. You have the winning idea.

Duo has been developing a short alphanumeric code that lets the end-user verify their own two-factor push notification. We plan to release this with general availability in Fall '22.

Tim