Two factor authentication (2FA) schemes provide strong user authentication guarantees and increase the security of a wide range of web services. However, 2FA schemes still largely remain vulnerable to phishing attacks in which attackers also phish users' second factor (e.g., their OTP tokens). We propose 2FA-PP, a phishing detection scheme that protects users' 2nd authentication factor from phishing attacks. 2FA-PP uses novel browser APIs that support direct communication between browsers and external devices (e.g., mobile phones) and enables the user's phone to check the domain to which the user is connected. The second factor is then only made available to the user if he is accessing the correct domain. 2FA-PP can be combined with different 2FA schemes, both interactive, based on OTP, QR codes and non-interactive, based on device pairing or proximity.