Remove the stupidly insecure QR login

JesusFreak

• 13 de enero de 2020 13:01

I don't know what you guys were thinking adding this:

You can now log in to desktop using QR Codes. If you’re logged into Discord on your mobile device, just use your phone to scan the QR code on the Discord desktop app or webpage and you’re in.

Of course, my first reaction was that if people are stupid enough to scan a random QR code, they deserve to have their account compromised. However, as a server owner I am concerned for the sanctity of my group (I did post an announcement with a notice about this and warned my group anyone who's compromised account started spamming would be banned).

This is one of the most easily exploitable features I've ever seen. I've been an IT professional for over 15 years with a focus on corporate IT security. There is absolutely no reason to have something like this. I understand wanting to make things easier for users, but having a system that bypasses 2FA is simply ludicrous. 

 

8

• 

  $h4døw__Hunt3r

  • 13 de enero de 2020 13:08

  2 things
  1. Ok Boomer
  2. People offer about adding more security like how google has on their login system (the number thing and 3 buttons on the mobile end)

  -14
• 

  『Endless』(Kogaruh)

  • 13 de enero de 2020 19:12

  I wouldn't remove the feature. But improving it, is an option.

  2
• 

  jjcurry812

  • 14 de enero de 2020 13:12

  2 things Shadow_Hunter...

  1. OK Snowflake.

  2. I bet you still use "PASSWORD" for all your banking logins too, because everyone is essentially "GOOD", and would never abuse an exploit.

  1

Iniciar sesión para dejar un comentario.