The main problem I see (based on the screenshot in the article) is that it still allows the attacker to initiate the auth flow from the outside, and the clueless user would in doubt just unlock for them. I don't see how the proposed scheme would prevent this phishing attack. It seems to be worse than the SMS 2FA part where one would at least have to enter the SMS code into some suspicious website.
My method of choice would rather have been what is established now for 2FA with time-based one-time passwords (TOTP). Here the attacker can't initiate the auth flow from the outside.
I'm already in the auth approval hell working as consultant with multiple separate corporate customer and all the 2fa authentications needed in my daily activities. Including fun broken flows that mean I get notification that I don't even need, because I need to use different account...
In the end this likely only leads to training people to automatically approve anything as every little piece of software on their machines needs approval once a day or more often at worst...
I think that for the cases where you're authenticating on one device in order to allow access on another device, this is done by bluetooth communication between the devices, and as a result you have to be within bluetooth range of the auth device to initiate the auth flow.
My method of choice would rather have been what is established now for 2FA with time-based one-time passwords (TOTP). Here the attacker can't initiate the auth flow from the outside.