[daniellarusso]

For multi-factor, could you use an Android emulator running on your PC?

Obviously, that does not work for the doorlock.

[gravitas]

This will depend on the solution - a common Enterprise solution, RSA SecureID SoftToken, includes the ability to IMEI lock the app on the user (I am not sure if this is required or optional, I'm an end-user not RSA admin) to ensure it only runs on company provisioned mobiles (many companies use further solutions such as MobileIron on all provisioned devices for fleet management).

[icebraining]

Running it on the same machine would defeat much of the purpose.

A better idea is to just turn it on for 2FA, then turn it off again.

[daniellarusso]

That was my point. Using a mobile phone as a second factor seems more like an inconvenience.

Other sibling mentioned IMEI pinning, but I assume the emulator can spoof IMEI.

I am all for a separate physical device, just not a phone.

[icebraining]

A phone is just a computer, just like any other device. What do you have specifically against it? You can just keep it turned off except when you need to use it for 2FA.