wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

QR Code Based Authentication #12833

Open Isurika1998 opened 2 years ago

Isurika1998 commented 2 years ago

Description

With the advancement of technology and the increasing focus on the quality of user experience, some businesses tend to make a web version of their application, along with the mobile app. In these kinds of applications, a user’s mobile phone (with an active data connection) can act as a helper device to authenticate the user to access the web application by scanning the QR code displayed in the web login screen by using the scanner in the mobile app, balancing the usability and security without affecting user privacy. Therefore, this issue is to track the progress of the project "QR Code based Authentication" for Identity Server.

ruwanta commented 2 years ago

This is not a correct statement:

password are inherently vulnerable 

What the QR code performs is a device-based authentication. It behaves much like a FIDO device.
For example, there is no real purpose in having QR code and TOTP both enabled in a single authentication flow one after the other, as they both only verify that the user accesses the device.

Isurika1998 commented 2 years ago

@ruwanta Updated the description according to the new project direction.