I understand that 2FA increases security if you are using two different devices, for instance a computer and a mobile phone.
I fail to understand how these security measurements help if you are doing everything on your mobile device.
Imagine if I login to my bank website with username and password om my mobile phone. I will then get an SMS code on my mobile phone, which I can of course read, so with which I can simply proceed to login.
The same principle applies if the 2FA is an e-mail or an authenticator app.
Of course your mobile phone can be locked by a PIN code and you still need the username/password for the bank website.
However your browser allows you to remember the username and password, leaving only the PIN code as only safeguard (if you have one).
Isn’t this just as insecure as just having 1FA ?
Shouldn’t we consider anyone who logins via his mobile phone just as insecure as 1FA?
And if so why don’t websites block this approach?
What’s the point of 2FA anyway if an increasing amount of users just use their mobile phone for these things?
Isn’t the risk of people having their phone stolen a lot higher than a computer or laptop stolen ? Even worse here is that most website allow you to use “forgot my password” to send to your e-mail account, which probably is also on your mobile phone. So in that case even your bank account is only protected by the PIN code of your mobile phone.
Is there a possibility to improve the security when one is using only his mobile phone ?