2FA isn't double checking to make sure you meant to log in. It's verifying that you are the person logging in. Alert fatigue is a real issue as you point out and we need to make sure to not overwhelm users which is one major benefit of federated authentication.
The problem with taking an "undo" philosophy here is that it's very hard (impossible?) to undo the transfer of information which is what attackers are after in many breaches.
The problem with taking an "undo" philosophy here is that it's very hard (impossible?) to undo the transfer of information which is what attackers are after in many breaches.