AuthentificationCloudSecurityWorkspace

Verizon Touts QR Code Login As Password Replacement

password2
1 0 1 Comment

The end of passwords and usernames for authentication? Quite possibly, at least according to Verizon

Verizon has made a potentially interesting advance in the security and authentication area, after it unveiled a QR Code Login that could eliminate the need for usernames and passwords.

The QR code login comes as organisations seek to tighten up their authentication process in order to deliver more robust online protection for their customers.

QR Login

At the moment, the most widely used form of authentication is the humble username and password, with perhaps a captcha or a PIN number thrown in for good measure. Increasingly, organisations are demanding much more complex passwords from users, leading to password reuse problems, where one person uses the same password for multiple websites.

cloudsecuritypasswordcommerceBut these traditional forms of authentication are struggling in the wake of ongoing data breaches and hacks. In April, the Verizon Data Breach Investigations report discovered that digital espionage campaigns are increasing, highlighting the need for better online protection. Indeed, that report also revealed that two out of three data breaches are attributable to lost or stolen user names and passwords, or both.

Verizon has thus developed an alternative to the username and password norm, after adding the ability to use the common old QR code to its Universal Identity Services portfolio.

Essentially, the QR code login works by allowing either an internal or external user to scan a QR code on a participating website or portal, using nothing more than their smartphone to gain secure access to the website.

But first the user has to obtain a Verizon Universal ID directly from a participating Web page. After that registration, the user will need to download the smartphone app capable of scanning a dynamically generated QR code on the login page. Once the user’s identity is confirmed, he or she is authenticated to the website. This technique can also be combined two factor authentication, such as a PIN number or password, for websites that require an extra layer of security, such as online banks etc.

Password Replacement?

“Lost and stolen passwords remain the number one way that systems are compromised,” said Tracy Hulver, chief identity strategist for Verizon. “We continue to see user names and passwords fail as a secure way to log in, no matter how complex the password. With Verizon’s QR code login, we are making progress in protecting users without increasing the hassle, headache or expense for the user and the enterprise.”

“The beauty of the QR code is its flexibility,” added Hulver. “It can be used alone or with other stronger measures to give enterprises and their users just the right level of security simply and easily.”

A short video explanation of the QR code login is available here.

The service is delivered through Verizon’s cloud, so there is little to no infrastructure investment for organisations and enterprises. The company also touts the system’s ability to reduce customer support for when user’s lose their passwords, or security tokens.

Love IT security? Try our quiz!

  1. If my understanding is not wrong, whoever holds the app-installed phone would be able to make the login on behalf of the legitimate user.

    The concept of authentication by possession of something (tokens or phones)leads me to imagine an ATM that will dispense all my money to whoever holds my bank card. Should the something or bank card be protected by PIN/password, it is an expanded use of the PIN/password, not an alternative to the PIN/password.