Time to re-enable your 2FA — or to set it up finally

We have recently learned about an issue that saw us using a third-party API to generate the QR code for two-factor authentication. We have looked into this issue and want to sincerely apologize to our customers for allowing this blunder. We can assure you that AdGuard no longer uses The Google Charts API or any other third-party service to enable the 2FA security layer.

How it all came to this:

  1. If you tried to set up a two-step authentication for your AdGuard account, you probably know how it works: A QR code pops up on our website, which you have to scan with a password manager that supports 2FA to proceed.

  2. The problem with this scheme, as it was rightly pointed out to us on Reddit, was that the QR code used to be generated through a third-party service, in our case – the Google Charts API, which returned the image to the user.

  3. Thus, we effectively created a loophole allowing the user login email address and their time-based one-time password (TOTP secret) to be sent to the Google Charts API.

There is some good news, however. First, we've already fixed the issue, and we no longer use any third-party service to generate images with QR codes. Instead, we're generating the QR codes right on the page with a JavaScript library.

Second, Google claims that its Google Charts API does not store any logs and is only a functional service that generates images according to the given parameters.

In any way, we strongly recommend you re-enable your 2FA if you have already enabled two-factor authentication in your account. And if you haven't enabled 2FA yet, then now it's high time you did it as it will make your account much more secure.

Door het downloaden van de reacties ga je akkoord met de voorwaarden en beleid
Downloaden AdGuard Klik op het door de pijl aangegeven bestand om AdGuard te installeren. Selecteer "Open" en klik op "OK" - wacht even tot het bestand gedownload is. Sleep dan in het geopende venster het AdGuard icoontje naar de "Applications" map. Dank u dat u voor AdGuard gekozen heeft. Selecteer "Open" en klik op "OK" - wacht even tot het bestand gedownload is. Klik dan in het geopende venster op "Installeren". Dank u dat u voor AdGuard gekozen heeft.
AdGuard op je mobiele apparaat installeren