Require 2FA after QR Code Scan

Comments

3 comments

  • Adaly1

    Je suis de mêmes avis, 2FA chaque doivent avoir sont authentiques facteur.

    0
  • weboy

    This sound more like you dont understand how 2fa works, 2fa is not a magic pill that just makes it impossible to login to your account. sure ... Discord could ask for the code when logging in, but then the hackers will simple just forward the 2fa page also...

    The only way to combat this is to check that you are actually on discords website when logging in, and not a fake one setup by hackers.

     

    0
  • Nebula Rasa

    weboy

    It adds a layer of security and forces people to understand that they are logging into an account and not just scanning a code. Most people who have 2fa configured would not enter 2fa on anything except for a login prompt, but they may be more likely to scan a QR code especially as that has been so normalized in society in the last few years.

    Security is all about adding layers. There is no such thing as a magic pill in information security. No one should expect that. Everything is about adding layers of defense. 

    I have another feature req related to this here, both together makes for a best practices configuration to prevent account compromise: https://support.discord.com/hc/en-us/community/posts/12109842009623-Require-Out-of-Band-OOB-Acknowledgement-For-Unknown-Location-Sign-On 

    Both should be configured and deployed.

    0

Please sign in to leave a comment.