How we can fix QR code security risk.

Majed

• 04:07 Ngày 13 tháng 07 năm 2022

Well I quickly brainstormed this idea, Well allowing users to scan a QR code to gain instant access seems like a massive security risk! I have 2 ideas on how we can tackle this security risk. 1. Users should have an option in settings to toggle on/off QR code by default it is off, the user can only turn it on if they have 2FA activated! 2. When you scan rather than giving access instantly, make the user have a 2FA popup asking them to login via 2FA.

1

• 

  blackwolfwoof

  • 13:48 Ngày 16 tháng 07 năm 2022

  The purpose of the QR code login is giving a fast and easy way to log in on other devices with your phone, without having to input your password, email and optionally 2fa code. 
  I personally think when you haven't used the feature in a while it gives you a popup explaining what can go wrong when you scan QR codes that didn't come from discord.com.
  That way new users or users who didn't use it in a while or have no idea what it is for will get a warning they cannot click away for lets say 15 seconds or without typing "i understand".
  If only people with 2FA should be allowed to use it and then asking for a 2FA code kinda defeats the purpose of the fast QR code login we have now and still doesn't tell the user not to input the code since it can potentially be phishing.

  0

Vui lòng đăng nhập để lại bình luận.