You are wrong
Full disclosure, as I am PhotoLogin beta user.
Your theory will not apply because you are making assumptions and might have misunderstood how PhotoLogin works. Your assumption means that 1) the hacker is actually present at the victim’s physical location, using the exact same computer and same IP address plus the victim's phone 2) the hacker already has the victim’s computer password, mobile phone’s PIN, and Victim’s PIN or fingerprint to his LogMeOnce account.
Is this really a scenario anyone should worry about?
I am sure you are aware of an unrelated hack, called keyloggers, that simulates keyboard action for computers. That is a huge, actual risk, and security experts advise using two-factor authentications to combat it. What you are saying is that it's ok to be lazy, by relying on a lone password with a single protective layer, but do not go for Two-Factor Authentication! Your theory and suggestions are against what security experts advise.
With PhotoLogin, LogMeOnce is using multiple factors of authentication, Passcode, Photo, device step up, and the PIN. And Two-Factor Authentication is running in the background. Keep in mind the photo in this program self-destructs in 60 seconds, and captcha kicks in after 5 attempts! Without PhotoLogin, end users are relying on a lax 4 or 6 digit passcode…!
Biting the hand that feeds IT
