Does anyone know if it is possible to enable MFA authentication to also disable screensaver lock (without touchID)?
Normally the user has to enter their account password (local or idP Password) or their touchID (within 48 hours) to disable the screensaver lock.
Is it possible to enable MFA authentication in addition to login after the screen lock?
I ask this because it is important for security reasons. MFA authentication should provide a "second" layer of security in case the account password is hacked or stolen. If the computer is in screen lock mode, a malicious person can unlock the computer with the user's stolen password without a second check.
It would be good if the OTP pin, already configured with offline MFA, would be also requested for screen lock mode.
