Infinitely Versatile? The Bid for QR Codes to Now Become Your Authentication

User IDs and passwords are part of everyday business life and business continuity for many people. You need them to log on to get your email and use other company systems. Often, the easier they are to remember, the easier they are to hack. And cryptic codes often get written down on scraps of paper left next to the computer, defeating the whole object. If your business and its employees have a tough time keeping track of user IDs and passwords, a possible alternative using QR codes is now being mooted. That’s right, the same QR codes that you snap with your smartphone to zip over to websites or launch apps. But will it take off?

The key concept of the Secure QR Login (SQRL for short) is simplicity coupled with security. It’s designed to resolve the problem of forgetting multiple passwords and to protect users against password theft. Of course, it’s not the only option available, but it has a different perspective on security compared with the others. In short, a website using the SQRL system presents a QR code. If you want to log on, you scan the code with a mobile or desktop app. This app contains its own randomly generated confidential code. It uses this code and the name of the site to generate your user ID and password using public and private key encryption, which the site then validates.

SQRL is very recent. Supporters praise the way that users only need to remember one single password to still benefit from uniquely different authentication on every site they visit. The independence from third party involvement is a plus too. Critics on the other hand point out that the SQRL app is a single point of failure. They claim the system doesn’t solve the problem of data snooping and hackers hanging on to your digital coattails to get into a system. Time will tell if SQRL can show a net advantage over all other contenders, and also if it can amass the popularity required to make it a universally adopted solution.