Security Platforms/Tools

Verizon Launches QR Code Security Solution

Verizon is introducing a new approach to securing personal information used online that goes beyond passwords. A QR code login on participating websites will allow a user to gain access to the site or application by scanning the code without entering a user name or password.

Verizon Enterprise Solutions has created a cloud-based infrastructure behind the QR code approach and is targeting both websites and e-commerce companies that want to let consumers access their sites more securely and businesses who want to allow employees to access corporate data without the concern that their compromised personal information will, in turn, compromise corporate data.

The core problem is that hackers have been able to repeatedly breach websites and capture user data, including names and passwords, says Tracy Hulver, chief identity strategist for Verizon. Since many consumers use the same password repeatedly on multiple sites, those breaches compromise the overall system's security, and increasingly erode consumer confidence.

Learn more about mobile security on our dedicated channel here at Light Reading.

"Our data breach investigation report shows that 80% of breaches were a direct result of weakened credentials -- either lost or stolen passwords, hacked information or weak passwords," he notes. No other single factor plays as significant a role in data breaches.

It would make sense to a second step -- or second factor, as it's known in the security world -- but the issue there is consumer resistance. Online merchants know that if consumers have to wait to get a pin code via phone, email or text, there is a chance they will abandon the sales process and find a faster, if less secure site, Hulver notes. So what Verizon set out to do is to find a more secure process that is easy for consumers to use.

Here's how it works: Consumers register for a Verizon Universal Services ID, either through their workplace or a participating website, and can then download a mobile app to their smartphone that will scan the codes that appear dynamically on the appropriate website.

Verizon is hoping the approach catches on, Hulver says, and he points out it is carrier-independent and doesn't depend on connections to Verizon's network. Verizon is participating in organizations that are looking at security standards but a standards-based approach will take longer to develop, he adds.

"If you look at the companies that are in the best position to solve these problems, telcos in general are in a great position," he says. "We know how to protect critical infrastructure. Us being Verizon, and on the leading edge, we are in a good position to solve these real-life problems, which are not just about security but also about ease of use."

Verizon launched the news in its blog and explains it in this video.

— Carol Wilson, Editor-at-Large, Light Reading

Page 1 / 2   >   >>
pcharles09 8/31/2014 | 10:36:55 PM
Re: Nice use of QR codes @brooks7,

It's popular & they're riding the wave. It'll soon get tired & get replaced by the next big thing.
brooks7 8/27/2014 | 9:26:28 AM
Re: Nice use of QR codes Pcharles, Agreed. Just don't see much in the way that QR codes add to that mix. seven
pcharles09 8/27/2014 | 12:31:56 AM
Re: Nice use of QR codes @brooks7,

There's lots of good 3rd party solutions for multi-factor authentication nowadays, including mobile apps for portability.
Liz Greenberg 8/27/2014 | 12:28:37 AM
Re: Nice use of QR codes As time moves on, smart phones will become the norm. So apps that can supply 2 factor authentication will still be really useful.
thebulk 8/26/2014 | 10:47:56 PM
Re: Nice use of QR codes I know more than a few rather Internet savvy people who do not have a smart phone. So not sure that's a valid assumption.
brooks7 8/26/2014 | 6:55:33 PM
Re: Nice use of QR codes The challenge with QR codes is suddenly you have to change your site to adapt them as an auth mechanism.

With a Digital Token, all you have to do is add a single line.

You are correct that multi-factor auth is considered clumsy no matter what.  But the user either wants it or doesn't.

The QR code scanner only seems better if one built it in to a mobile app auth process.  Which means that the mobile app would have to have a qr code scanner built in and the person would have to have the qr code on a keychain or something similar.


Liz Greenberg 8/26/2014 | 6:16:26 PM
Re: Nice use of QR codes Ah a WOW fan huh @seven? But seriously,  interesting about the digital tokens but it is still another app.  Whether it is QR or digital tokens it is still another app.  I don't think that this is an either or situation but rather a whatever suits the application both literally and figuratively in a way that users will embrace 2nd factor authentication.
brooks7 8/26/2014 | 6:09:47 PM
Re: Nice use of QR codes You know there are software apps for digital tokens right?

No need for a QR code or any funky thing.  Just load up that app and use it as your 2nd factor.  That way there is no need to have such a code linked to your website....just digital token support.

Blizzard has this available for World of Warcraft for example.





Atlantis-dude 8/26/2014 | 5:55:48 PM
Re: Why VZ? The role that telcos play in this is arguable. An app per website wouldn't help much either.
Liz Greenberg 8/26/2014 | 4:57:51 PM
Re: Why VZ? I don't think that they will @Atlantis-dude, I think (hope) that this will start a trend for others to follow to incorporate QR technology as part of identity verification.  Face it, I am unlikely to become a VZ customer for this feature.
Page 1 / 2   >   >>
Sign In