
I think the procedure I described also can do this, but the 6-digit code is sent in the background. I don't see why a human has to physically write out 6 digits from phone to computer, instead of it just happening automatically.

The main difference here is usability. The current process is going into an app, finding+choosing the website from a list, tapping that website, manually copying from one screen to another, checking that you copied the digits correctly, then confirming. This is stressful and takes about a minute. A process where you just confirm a dialog, or use your fingerprint takes 2 seconds, and doesn't require the mental effort of memorizing and writing out 6 digits. If the people working on security can't see the enormous difference between the two workflows, then this is hopeless.

It's the same issue that plagues the security-minded people who think regular users will go around copying and storing each other's PGP keys.



