this post was submitted on 21 Oct 2024
12 points (100.0% liked)
techsupport
2469 readers
10 users here now
The Lemmy community will help you with your tech problems and questions about anything here. Do not be shy, we will try to help you.
If something works or if you find a solution to your problem let us know it will be greatly apreciated.
Rules: instance rules + stay on topic
Partnered communities:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's basically what others mentioned - the code can be a long string you can enter, but usually it's a QR image representing the code itself (I'm sure Mailchimp is going to give you a QR image when you set it up).
Most people use a TOTP authenticator app on their phone to take a picture of that QR image & load it into their app. Once the code is generated it does not change so in theory you should be able to share that code or QR image amongst yourselves & load it into your own apps. No data/mobile connection or SMS/email required unless you're using a specific TOTP app that needs that.
On Android I've used andOTP and Google Authenticator apps with good results but there are plenty of other TOTP authenticator apps if you look around.
PS - In terms of sharing it, just share the picture of the QR code with whatever screen/image capture tool you like to use. Just keep in mind you don't want to keep the QR image laying around online, the whole point is to secure your Mailchimp account after all.
Thank you, that’s very clear. I appreciate it!
There is usually an 'advanced' option if the 'QR doesn't work' that gives you access to the plain text data.
Beside it's inefficient to send text data as an image, why does it make a difference?
If the app has offers option to open an image with a QR code, IMHO it is more convenient, to send the image of the QR code (I'd try 'save image as' instead of a screenshot though). When sending text, you and the recipient manually have to copy the information and the recipient also has to paste it into the right field.
Why should anyone take a camera to take a screenshot or click on 'save image'? Additionally, the secret key would be stored as well on the messenger app you are using to share the key among the group members.
Aegis, e.g. can open images containing a QR code and import the key that way. I assume other apps can do the same.
?
Beside that, I agree that its a security issue to have the plain text or QR code stored somwhere else than in the authenticator app itself. Inerently, trying to circumvent the introduced security by the uniqueness of the TOTP authenticator by sharing the key, one way or another, is a security issue by itself. That's why, I've recommended registering multiple independent authenticatior-keys, if possible, one per group member.