Comment on Google binning SMS MFA and replacing it with QR codes • The Register
hazelnoot@beehaw.org 1 month ago
I’m confused about how this is supposed to act as a second authentication factor 🤔
Comment on Google binning SMS MFA and replacing it with QR codes • The Register
hazelnoot@beehaw.org 1 month ago
I’m confused about how this is supposed to act as a second authentication factor 🤔
FiskFisk33@startrek.website 1 month ago
A guess/suggestion: a
You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
hazelnoot@beehaw.org 1 month ago
oh so it would just be app-based MFA but without using TOTP. That makes sense