The current format of the QR code can be read easily with any QR code reader. That opens doors for hackers to register with the same SIP credentials from multiple other mobile devices. The ideal and practical option, which is also done by many other companies is to provide only login credentials. This way the mobile device logs on to a provisioning server and downloads SIP credentials directly into the phone in the background. I have built such provisioning servers that work with Zoiper, SessionTalk, and may other softphones that requires only login (vs SIP) credentials.
I’ve been testing VitalPBX platform for a while and I love it! I would switch to it if this major problems is resolved. Would VitalPBX developers consider adding such security to the Vitxi in the near future?