Verizon is introducing a new approach to securing personal information used online that goes beyond passwords. A QR code login on participating websites will allow a user to gain access to the site or application by scanning the code without entering a user name or password.
Verizon Enterprise Solutions has created a cloud-based infrastructure behind the QR code approach and is targeting both websites and e-commerce companies that want to let consumers access their sites more securely and businesses who want to allow employees to access corporate data without the concern that their compromised personal information will, in turn, compromise corporate data.
The core problem is that hackers have been able to repeatedly breach websites and capture user data, including names and passwords, says Tracy Hulver, chief identity strategist for Verizon. Since many consumers use the same password repeatedly on multiple sites, those breaches compromise the overall system's security, and increasingly erode consumer confidence.
"Our data breach investigation report shows that 80% of breaches were a direct result of weakened credentials -- either lost or stolen passwords, hacked information or weak passwords," he notes. No other single factor plays as significant a role in data breaches.
It would make sense to a second step -- or second factor, as it's known in the security world -- but the issue there is consumer resistance. Online merchants know that if consumers have to wait to get a pin code via phone, email or text, there is a chance they will abandon the sales process and find a faster, if less secure site, Hulver notes. So what Verizon set out to do is to find a more secure process that is easy for consumers to use.
Here's how it works: Consumers register for a Verizon Universal Services ID, either through their workplace or a participating website, and can then download a mobile app to their smartphone that will scan the codes that appear dynamically on the appropriate website.
Verizon is hoping the approach catches on, Hulver says, and he points out it is carrier-independent and doesn't depend on connections to Verizon's network. Verizon is participating in organizations that are looking at security standards but a standards-based approach will take longer to develop, he adds.
"If you look at the companies that are in the best position to solve these problems, telcos in general are in a great position," he says. "We know how to protect critical infrastructure. Us being Verizon, and on the leading edge, we are in a good position to solve these real-life problems, which are not just about security but also about ease of use."
Verizon launched the news in its blog and explains it in this video.
— Carol Wilson, Editor-at-Large, Light Reading