If you really want to allow for another browser to authenticate a login request, you can at least limit it to sessions coming from the same IP.

That would let you authenticate your desktop browser from an email you opened on your phone if you're on your home network, but without becoming widely exploitable by phishers.