This appears to be leveraging the complexity associated with setting up MFA using QR codes which to the uninitiated is sheer magic.

It’s unclear why a user who understands the process would ever scan a QR code using their authenticator application during the process of signing in anywhere.

It’s entirely possible that I don’t understand the article, in which case, can someone please enlighten me?