sabreW4K3@lazysoci.al to Technology@beehaw.org · 2 days agoGoogle binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.comexternal-linkmessage-square11fedilinkarrow-up136arrow-down10
arrow-up136arrow-down1external-linkGoogle binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.comsabreW4K3@lazysoci.al to Technology@beehaw.org · 2 days agomessage-square11fedilink
minus-squareHazelnoot [she/her]@beehaw.orglinkfedilinkEnglisharrow-up6·1 day agoI’m confused about how this is supposed to act as a second authentication factor 🤔
minus-squareFiskFisk33@startrek.websitelinkfedilinkarrow-up5·edit-21 day agoA guess/suggestion: You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
minus-squareHazelnoot [she/her]@beehaw.orglinkfedilinkEnglisharrow-up1·11 hours agooh so it would just be app-based MFA but without using TOTP. That makes sense
I’m confused about how this is supposed to act as a second authentication factor 🤔
A guess/suggestion:
You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
oh so it would just be app-based MFA but without using TOTP. That makes sense