An Authenticator App is a mobile security application based on two-factor authentication that helps verify users' identities before they are granted access to websites and services.
A QR Code is a machine-readable code consisting of an array of black and white squares, typically used for storing URLs or other information for reading by a smartphone camera.
Since pdk.io accounts can be set up using a mobile device, and the ProdataKey credential is sent via email, an authenticator app is better for such an application. A smartphone or other smart device is better suited to using an authenticator app to verify identity. It would be difficult, if not impossible, to use the smartphone's camera to scan a QR code that is being displayed on the same phone.
The following is a typical conundrum in such a situation: a user has to sign in to Google Authenticator; however, to log in, the user needs a QR code. To get the QR code, they need to enter a code from Google Authenticator into the Google security two-factor authentication page.
Two-factor authentication QR codes should not be scanned if:
- security is your primary goal for using two-factor authentication
- you use separate email addresses for different aspects of life (personal, work, banking, etc.)
- you don’t use both your computer and a mobile device to log into the same services.
The problem is that after scanning a two-factor authentication QR code, most authentication apps:
- don’t allow you to change both the domain name and the email address
- or they allow you to change only the email address but not the domain name
- or they allow you to change both of them, but there is an option to reset them to default values, which can be exploited.