I am currently using 2 factor authentification to tighten security for my login system. I use Google Authenticator to scan a QR Code, which generates a key which I can use to login.
What worries me with my implementation is the way I create my QR Code in php using this API:
'https://chart.googleapis.com/chart?chs='.$ width.'x'.$ height.'&chld='.$ level.'|0&cht=qr&chl='.$ url_containing_secret.''
Using the maps API seems a bit unsafe since im basically sharing my secret through http. Isnt this actually risky? Im seriously considerung create the qrcode using some library instead of an external api.
Am I too paranoid or?