API SECURITY

QR Code Authentication

Usability, Security, and Privacy

Mitya Ivanov at https://unsplash.com/photos/2HWkORIX3II

The use of QR codes for authentication is on the rise. The main reason is that they strike a good balance between security and ease of use. But getting that balance just right is tricky! Too much ease of use can make users happy but leave them exposed. On the flip side, going overboard with security can keep users safe but annoy them. Although they’re not exact opposites, security and usability often find themselves at odds.

Excessive usability

Meebo.com was all the rage in the mid-2000s. It let you chat with folks from various messaging platforms all in one chat room. The homepage was filled with a bunch of username/password forms. Before diving into chats, you had to enter your login details for each platform you wanted to use.

Meebo.com login page in December 31th, 2005 — Source: https://web.archive.org/web/20100901000000*/meebo.com

I was a huge fan of Meebo, but I wasn’t really aware of the risks that came with sharing credentials. Giving out your login details is like handing over your identity to someone else. Anyone with your info can act like they’re you. As Meebo users, we just assumed the platform was secure and trusted that Meebo wouldn’t…