Time to re-enable your 2FA — or to set it up finally

We have recently learned about an issue that saw us using a third-party API to generate the QR code for two-factor authentication. We have looked into this issue and want to sincerely apologize to our customers for allowing this blunder. We can assure you that AdGuard no longer uses The Google Charts API or any other third-party service to enable the 2FA security layer.

How it all came to this:

  1. If you tried to set up a two-step authentication for your AdGuard account, you probably know how it works: A QR code pops up on our website, which you have to scan with a password manager that supports 2FA to proceed.

  2. The problem with this scheme, as it was rightly pointed out to us on Reddit, was that the QR code used to be generated through a third-party service, in our case – the Google Charts API, which returned the image to the user.

  3. Thus, we effectively created a loophole allowing the user login email address and their time-based one-time password (TOTP secret) to be sent to the Google Charts API.

There is some good news, however. First, we've already fixed the issue, and we no longer use any third-party service to generate images with QR codes. Instead, we're generating the QR codes right on the page with a JavaScript library.

Second, Google claims that its Google Charts API does not store any logs and is only a functional service that generates images according to the given parameters.

In any way, we strongly recommend you re-enable your 2FA if you have already enabled two-factor authentication in your account. And if you haven't enabled 2FA yet, then now it's high time you did it as it will make your account much more secure.

By downloading the comments you agree the terms and policies
AdGuard for Mac v2.8: Export/import your settings, Anti DPI feature and a certificate explained
Our AdGuard for Mac v 2.8 release boasts two features and an important addition: the long-coveted settings export/import feature has been added, as well as anti-DPI protection and the need for a certificate for HTTPS filtering has been explained. See for yourself!
If you think your data is safer with big corps, you’re wrong: The story of Lapsus$ hacker group
The hacker group Lapsus$ has been causing quite a stir lately: among the affected companies are NVIDIA, Samsung, Microsoft, and others. We're telling the story of teenage hackers and analyzing how their attacks will affect users.
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device