this post was submitted on 25 Feb 2025
38 points (100.0% liked)

Technology

38455 readers
444 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
coldredlight@beehaw.org
remington@beehaw.org
38
Google binning SMS MFA and replacing it with QR codes • The Register (www.theregister.com)
submitted 1 month ago by sabreW4K3@lazysoci.al to c/technology@beehaw.org
11 comments fedilink hide all child comments
top 11 comments
sorted by: hot top controversial new old
[–] Moonrise2473@feddit.it 24 points 1 month ago (1 children)

The real reason is that they want to save money on the text messages (outside of the US they need to pay $0.05 each time), not because they actually care about user security.

Like when xitter ran out of money and didn't pay their sms bills and people were locked out of their accounts

[–] lime@feddit.nu 5 points 1 month ago (1 children)

i mean, it's also a security issue. sms is plaintext all the way from them to you.

[–] t3rmit3@beehaw.org 4 points 1 month ago

Also, it's dead simple to send someone else (or tell them over the phone) 6 numbers, when you're being phished. Much harder for people to send someone a QR code.

[–] smeg@feddit.uk 12 points 1 month ago* (last edited 1 month ago)

Sadly the article is very light on how this actually works. I'm guessing it involves setting up an authenticator on the phone (something they encourage anyway) and just using a QR code as a new way of interacting with it?

[–] megopie@beehaw.org 8 points 1 month ago (1 children)

How am I supposed to scan a QR code sent to my phone… with my phone?

[–] JackOverlord@beehaw.org 3 points 1 month ago* (last edited 1 month ago)

On Android you can use Google Lens or, if you don't want to use Google products, any random QR code scanner app.

No idea about iPhone as I've never owned one, but I'd assume most QR code scanners can do that there as well.

[–] hazelnoot@beehaw.org 7 points 1 month ago (1 children)

I'm confused about how this is supposed to act as a second authentication factor 🤔

[–] FiskFisk33@startrek.website 6 points 1 month ago* (last edited 1 month ago) (1 children)

A guess/suggestion:

You have an app with a private key. The qr code contains data encrypted with the corresponding public key. Your app decrypts the data and transmits it to googles servers, proving you are in possession of the secret key.

[–] hazelnoot@beehaw.org 2 points 1 month ago

oh so it would just be app-based MFA but without using TOTP. That makes sense

[–] Visikde@beehaw.org 6 points 1 month ago (1 children)

Qrs don't seem safe to me
Scanning a Qr allows the installation of malware apps so I can look at a restaurant menu, & ding my card for recurring charges?

[–] Hirom@beehaw.org 2 points 1 month ago

The devil's in the details. And there aren't much details in this article.