Why would I want that? If it is not me, I am not going to allow the login. Making it a notification makes it more likely I could fat finger an approval.

I guess you can make the argument that you are then made aware of login attempts, but that feels more like something the host service should control.

> Why would I want that?

Because to get that far they entered your password? Which you might like to change?

You did mention: "You are a two factor app."

If they've got past your first factor, you might want to know.