[lxgr]

Speaking of iPhone Mirroring: Doesn't this effectively downgrade two-factor authentication to a single factor for flows like "tap 'yes' on your phone to login"?

I've been wondering if there is a way for iOS authenticator apps to opt out of mirroring, but haven't found anything so far.

[anderiv]

Don’t think so. Push notification flows like this fall into the “something you have” category (which you still do when using mirroring) and additionally when done properly, they require biometrics verification to respond to the “tap yes”.