An Authenticator App is a mobile security application based on two-factor authentication that helps verify user identities before granting access to websites and services.
A QR Code is a machine-readable code consisting of an array of black and white squares, typically used for storing URLs or other information that a smartphone camera can read.
Since PDK.io accounts can be set up using a mobile device, and the ProdataKey credential is sent via email, an authenticator app is the better choice for this application. A smartphone or other smart device is better suited to verifying identity with an authenticator app, because it would be difficult, if not impossible, to use the smartphone's camera to scan a QR code that is being displayed on the same phone.
The following is a typical conundrum in such a situation: A user must sign in to Google Authenticator; however, to log in, the user needs a QR code. To obtain the QR code, they must enter a code from Google Authenticator into the Google security two-factor authentication page.
Two-factor authentication QR codes should not be scanned if:
- Security is your primary goal for using two-factor authentication
- You use separate email addresses for different aspects of life (personal, work, banking, etc.)
- You don’t use both your computer and a mobile device to log into the same services.
The problem is that after scanning a two-factor authentication QR code, most authentication apps:
- Don’t allow you to change both the domain name and the email address
- Or they enable changing only the email address, but not the domain name
- Or they allow changing both of them, but there is an option to reset them to default values, which can be exploited.
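To see which domain name and email address a two-factor QR code would pre-fill, the decoded text can be inspected before it is scanned into an app. The following is an added example, not PDK.io code; it assumes the QR code carries the standard `otpauth://` key URI used by Google Authenticator-compatible apps, and the sample URI and the `parse_otpauth` helper are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample of the text a 2FA QR code encodes (not a real secret).
SAMPLE_URI = ("otpauth://totp/example.com:alice%40example.org"
              "?secret=JBSWY3DPEHPK3PXP&issuer=example.com&digits=6&period=30")


def parse_otpauth(uri):
    """Return the fields an authenticator app would pre-fill from the QR text."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth TOTP/HOTP URI")

    # The label is either "issuer:account" or just "account".
    label = unquote(parts.path.lstrip("/"))
    prefix, sep, account = label.partition(":")
    if not sep:
        prefix, account = "", label

    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("missing secret parameter")

    return {
        "type": parts.netloc,
        # Domain name shown in the app: the issuer parameter wins over the label prefix.
        "issuer": params.get("issuer", prefix),
        # Email address (account name) shown in the app.
        "account": account.strip(),
        "secret": params["secret"],
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
        # True when the label prefix and issuer parameter name different services.
        "issuer_mismatch": bool(prefix and "issuer" in params
                                and prefix != params["issuer"]),
    }


if __name__ == "__main__":
    for field, value in parse_otpauth(SAMPLE_URI).items():
        # Avoid echoing the shared secret to the terminal.
        print(field, "=", "<hidden>" if field == "secret" else value)
```
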