Use a button number method for QR code signin!
As with Google: when you sign in and it detects that the sign-in is highly unusual activity, Google shows three buttons with numbers on the desktop, displays one number on the mobile phone, and tells you to click on this number to sign in.
Discord should probably have a user type in two numbers to verify it's them; if they type the number wrong, invalidate the QR code and require them to rescan a new QR code!
This will help.
This would still not be sufficient. Yes, this will stop attackers from just posting the code into random servers and waiting for a person to scan it, but it doesn't stop personalized attacks. The attacker could still send you the QR code as a private message (stating that you have won a giveaway or something) and tell you to scan the code and share the digits with you. Even if the digits changed every minute or so, this can still be done if the attacker is quick enough.
The attacker could even talk you through the process in a voice chat to get around the time issue I mentioned.
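A server-side sketch of the check proposed in this thread, added here as an illustration; it is not Discord's code and was not written by either poster. The class name, the two-digit code and the 120-second lifetime are assumptions.

```python
import hmac
import secrets
import time

QR_TTL_SECONDS = 120  # assumed lifetime of one QR code


class QrLoginStore:
    """Pending desktop logins, keyed by the token encoded in the QR code."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock

    def create(self):
        """Start a login: the token goes into the QR code, the digits are
        displayed on the desktop screen only."""
        token = secrets.token_urlsafe(16)
        digits = f"{secrets.randbelow(100):02d}"
        self._sessions[token] = {
            "digits": digits,
            "expires": self._clock() + QR_TTL_SECONDS,
        }
        return token, digits

    def confirm(self, token, typed_digits):
        """Called by the phone app after the scan, with the digits the user typed.

        pop() removes the session on the first attempt, so a wrong entry
        invalidates the QR code and forces a rescan of a new one.
        """
        session = self._sessions.pop(token, None)
        if session is None:
            return "unknown_or_used"
        if self._clock() > session["expires"]:
            return "expired"
        # Constant-time comparison of the typed digits with the displayed ones.
        if not hmac.compare_digest(session["digits"].encode(), typed_digits.encode()):
            return "invalidated"
        # The server only learns that the digits matched, not how the person
        # holding the phone learned them: the limitation raised in the reply above.
        return "approved"
```

The single-attempt rule removes guessing (a blind scan of a posted code has a 1 in 100 chance with two digits), but a correct entry is approved regardless of which screen the digits were read from.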