As with the iPhone, when a 2FA request is sent to the Apple Watch, the user has to interact with the app and click “Approve Request.” But shouldn’t approval of 2FA notification be automatic as long as the Apple Watch is on your wrist and unlocked?
The watch being on your wrist and unlocked already confirms the second factor of authentication. It seems redundant to have to click “Approve Request” for 2FA on the Apple Watch. For example, when logging into a Macbook, if the user is wearing an Apple Watch, the password requirement is bypassed altogether - no extra steps are needed. The same should be the case for Duo 2FA requests - no extra steps.
This would be a great feature that would make logging in with Duo easier and would take advantage of the unique nature of the Apple Watch as opposed to just treating it like just a tiny iPhone.