Google binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.comexternal-link sabreW4K3 ( @sabreW4K3@lazysoci.al ) Technology • 1 month ago message-square11fedilinkarrow-up138
arrow-up138external-linkGoogle binning SMS MFA and replacing it with QR codes • The Registerwww.theregister.com sabreW4K3 ( @sabreW4K3@lazysoci.al ) Technology • 1 month ago message-square11fedilink
minus-square Hazelnoot [she/her] ( @hazelnoot@beehaw.org ) linkfedilinkEnglish7•1 month agoI’m confused about how this is supposed to act as a second authentication factor 🤔
minus-square FiskFisk33 ( @FiskFisk33@startrek.website ) linkfedilink6•edit-21 month agoA guess/suggestion: You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
minus-square Hazelnoot [she/her] ( @hazelnoot@beehaw.org ) linkfedilinkEnglish2•1 month agooh so it would just be app-based MFA but without using TOTP. That makes sense
I’m confused about how this is supposed to act as a second authentication factor 🤔
A guess/suggestion:
You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.
oh so it would just be app-based MFA but without using TOTP. That makes sense