Verizon has made a potentially interesting advance in the security and authentication area, after it unveiled a QR Code Login that could eliminate the need for usernames and passwords.
The QR code login comes as organisations seek to tighten up their authentication process in order to deliver more robust online protection for their customers.
At the moment, the most widely used form of authentication is the humble username and password, with perhaps a captcha or a PIN number thrown in for good measure. Increasingly, organisations are demanding much more complex passwords from users, leading to password reuse problems, where one person uses the same password for multiple websites.
Verizon has thus developed an alternative to the username and password norm, after adding the ability to use the common old QR code to its Universal Identity Services portfolio.
Essentially, the QR code login works by allowing either an internal or external user to scan a QR code on a participating website or portal, using nothing more than their smartphone to gain secure access to the website.
But first the user has to obtain a Verizon Universal ID directly from a participating Web page. After that registration, the user will need to download the smartphone app capable of scanning a dynamically generated QR code on the login page. Once the user’s identity is confirmed, he or she is authenticated to the website. This technique can also be combined two factor authentication, such as a PIN number or password, for websites that require an extra layer of security, such as online banks etc.
“Lost and stolen passwords remain the number one way that systems are compromised,” said Tracy Hulver, chief identity strategist for Verizon. “We continue to see user names and passwords fail as a secure way to log in, no matter how complex the password. With Verizon’s QR code login, we are making progress in protecting users without increasing the hassle, headache or expense for the user and the enterprise.”
“The beauty of the QR code is its flexibility,” added Hulver. “It can be used alone or with other stronger measures to give enterprises and their users just the right level of security simply and easily.”
A short video explanation of the QR code login is available here.
The service is delivered through Verizon’s cloud, so there is little to no infrastructure investment for organisations and enterprises. The company also touts the system’s ability to reduce customer support for when user’s lose their passwords, or security tokens.
Love IT security? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
If my understanding is not wrong, whoever holds the app-installed phone would be able to make the login on behalf of the legitimate user.
The concept of authentication by possession of something (tokens or phones)leads me to imagine an ATM that will dispense all my money to whoever holds my bank card. Should the something or bank card be protected by PIN/password, it is an expanded use of the PIN/password, not an alternative to the PIN/password.