sabreW4K3@lazysoci.al to Technology@beehaw.org · 2 days agoGoogle binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.comexternal-linkmessage-square11fedilinkarrow-up133arrow-down10
arrow-up133arrow-down1external-linkGoogle binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.comsabreW4K3@lazysoci.al to Technology@beehaw.org · 2 days agomessage-square11fedilink
minus-squareFiskFisk33@startrek.websitelinkfedilinkarrow-up4·edit-216 hours agoA guess/suggestion: You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
minus-squareHazelnoot [she/her]@beehaw.orglinkfedilinkEnglisharrow-up1·3 hours agooh so it would just be app-based MFA but without using TOTP. That makes sense
A guess/suggestion:
You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
oh so it would just be app-based MFA but without using TOTP. That makes sense