> What problems do you face with whatever 2FA you use?
Ease of migration. I'm currently migrating away from Authy to Aegis. This experience in Aegis is simple because it can import and export the data.
I use gauth [0] on my laptop since there's no Aegis desktop client. This requires adding any new 2FA accounts to both Aegis and gauth at the same time, meaning I need both devices with me. I've not yet tried to export from Aegis and add to gauth separately later, but I'm hoping that will be okay.
> A QR code will be generated on the phone for each login attempt. The website/app where the user is logging in will scan that QR code
Not sure I understand. How will a website be able to scan my phone's screen?
My laptop doesn't have a webcam, and even if it did, I wouldn't permit my web browser address to it unless I really needed to. A website that asks me to access the webcam just to log in isn't going to appeal to me.
I've no idea how typical I am in this regard, though.
Could you turn the idea on its head? Could the website display the QR code and the phone scan it, as per WhatsApp and many others? Or perhaps the phone just displays the note ubiquitous "random raccoon" type wordset for the user to enter into the website?
Ease of migration. I'm currently migrating away from Authy to Aegis. This experience in Aegis is simple because it can import and export the data.
I use gauth [0] on my laptop since there's no Aegis desktop client. This requires adding any new 2FA accounts to both Aegis and gauth at the same time, meaning I need both devices with me. I've not yet tried to export from Aegis and add to gauth separately later, but I'm hoping that will be okay.
> A QR code will be generated on the phone for each login attempt. The website/app where the user is logging in will scan that QR code
Not sure I understand. How will a website be able to scan my phone's screen?