If you can get a SMS on your desktop, doesn't that blow up 2FA? If someone can log in to my PC with a password guess, and use stored passwords that browsers insist on keeping, surely they can read the 6 digits that get them into my bank account.
That's why I never enabled the Windows/Android phone link.