I am currently using 2-factor authentication to tighten security for my login system. I use Google Authenticator to scan a QR Code, which generates a key which I can use to login.
What worries me with my implementation is the way I create my QR Code in PHP using this API:
'https://chart.googleapis.com/chart?chs='.$width.'x'.$height.'&chld='.$level.'|0&cht=qr&chl='.$url_containing_secret.''
Using the maps API seems a bit unsafe since I'm basically sharing my secret through HTTP. Isn't this actually risky? I'm seriously considering creating the QR code using some library instead of an external API.
Am I too paranoid?