I can see a system where you have to scan the QR code in a specific app for that purpose (e.g. a dedicated QR code payment app which approved businesses sign up to, which either includes or remotely queries a database of valid endpoints). At that point though, where you’re requiring a dedicated app anyway, you may as well invent your own 2D code system with blackjack, hookers and signing. But yeah, I don’t understand how this would work otherwise. QR codes just aren’t made for security. They shouldn’t be used anywhere security is required.
QR codes just aren’t made for security. They shouldn’t be used anywhere security is required.
I get what you’re saying but it’s at least a little bit funny that they are regularly used for security in the form of scan to login (e.g. Steam), verify your session (e.g. Matrix), etc. Of course these are in a closed ecosystem so the QR code itself is not the security. But I just found it funny you said that when 90% of my QR code usage is for security.
How would you make an arbitrary QR code have a verifiable signature?
I can see a system where you have to scan the QR code in a specific app for that purpose (e.g. a dedicated QR code payment app which approved businesses sign up to, which either includes or remotely queries a database of valid endpoints). At that point though, where you’re requiring a dedicated app anyway, you may as well invent your own 2D code system with blackjack, hookers and signing. But yeah, I don’t understand how this would work otherwise. QR codes just aren’t made for security. They shouldn’t be used anywhere security is required.
I get what you’re saying but it’s at least a little bit funny that they are regularly used for security in the form of scan to login (e.g. Steam), verify your session (e.g. Matrix), etc. Of course these are in a closed ecosystem so the QR code itself is not the security. But I just found it funny you said that when 90% of my QR code usage is for security.