How am I supposed to scan a QR code sent to my phone… with my phone?
On Android you can use Google Lens or, if you don’t want to use Google products, any random QR code scanner app.
No idea about iPhone as I’ve never owned one, but I’d assume most QR code scanners can do that there as well.
I’m confused about how this is supposed to act as a second authentication factor 🤔
A guess/suggestion:
You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
oh so it would just be app-based MFA but without using TOTP. That makes sense
Qrs don’t seem safe to me
Scanning a Qr allows the installation of malware apps so I can look at a restaurant menu, & ding my card for recurring charges?The devil’s in the details. And there aren’t much details in this article.
The real reason is that they want to save money on the text messages (outside of the US they need to pay $0.05 each time), not because they actually care about user security.
Like when xitter ran out of money and didn’t pay their sms bills and people were locked out of their accounts
i mean, it’s also a security issue. sms is plaintext all the way from them to you.
Also, it’s dead simple to send someone else (or tell them over the phone) 6 numbers, when you’re being phished. Much harder for people to send someone a QR code.
Sadly the article is very light on how this actually works. I’m guessing it involves setting up an authenticator on the phone (something they encourage anyway) and just using a QR code as a new way of interacting with it?
