Closed f1-outsourcing closed 4 months ago
For authentication do a remote request to 3rd party to generate a qr code? I don't think this will pass any security standard. What is actually the point of 2fa if you are giving your 2fa to google?
That's incorrect, qrcode is generated using qrcode.min.js file:
https://github.com/alexandregz/twofactor_gauthenticator/blob/34486f6baf3b1c8b790fa5e982b42b737405bc65/2FA_qr_code.js#L6
Oh nice that is better, I stand corrected.
For authentication do a remote request to 3rd party to generate a qr code? I don't think this will pass any security standard. What is actually the point of 2fa if you are giving your 2fa to google?