Questions tagged [qr-code]

A quick response code, or QR code, is a type of matrix barcode which stores data as square black markings within a square layout that should be readable by any computing device capable of imaging.

45 questions
46 votes, 7 answers

How resistant are barcodes and QR-codes against attempts to change stored data?

Assume we want to protect a document against manipulating and forging. So, we encode some sensitive information of the document and store it in a QR-code inserted in the document. Can we be sure that an attacker is not able to change and modify the…
Questioner

38 votes, 7 answers

Could SQRL really be as secure as they say?

I just came across https://www.grc.com/sqrl/sqrl.htm With Secure QR Login, your phone snaps the QR code displayed on a website's login page . . . . and YOU are securely logged in. This seems like it would be pretty awesome - one of the…
Wayne Werner

17 votes, 2 answers

Malicious QR Code and Mitigation

I just started reading a little on QR code, so I'm not entirely familiar with QR Code capabilities, but a thought crossed my mind today. I scanned a QR Code on a postcard I received, and it immediately took me to a website. Just like URL shorteners,…
Purge

14 votes, 5 answers

QR codes that can't be copied - possible?

I assume this is impossible, but I need to find a barcode (that can contain a url, i.e., a QR style one). It has to be photographed by our smartphone app, but the image will not be changed over a period of weeks or months and has to be on paper. No…
Ray Britton

5 votes, 4 answers

Do MFA QR registration codes/keys expire?

MFA recovery codes last forever until used. The TOTP codes expire as per the clock (e.g. 30 seconds). Does the initial QR code to register a MFA device last forever until disabled by a MFA reset? I'm imagining (expecting) that the key, like the…
schroeder

4 votes, 1 answer

Generating QR code from seed in browser - possible security issue?

I need to implement 2FA in my web app. I'm doing this the standard way: the newly created user's seed is retrieved from the server (I use speakeasy) and the QR code is generated. The thing is, it's possible to steal this seed from the browser's…
omri perl

4 votes, 3 answers

Using a simple 5-character pass for event vs. QR/barcode

I plan on doing a "ticketing" system, where a user would buy a "tour ticket" online. The part that I'm puzzled about is: After they buy, what mechanism to use to verify the ticket? I've been looking at how platforms like EventBrite, TicketMaster,…
anemaria20

4 votes, 1 answer

Unidirectional Data Transmission to a Smartphone

I'm going to use an old Android phone to store sensitive data (e.g., Bitcoin wallet private key), with no SIM card and WiFi and Bluetooth turned off. I could disable wireless connections physically if…
anton_

4 votes, 2 answers

How to secure a digital ID from being faked?

We're trying to create a digital ID to replace UK Passport/driving licences for entry into licensed premises, but need to ensure it cannot be faked (or failing that, the barrier to faking it needs to be very high). Here are the restraints we need to…
Taro

3 votes, 0 answers

Why are animated QR-codes more secure?

I recently had a look at implementing the Swedish BankID identification system for an app. A prerequisite is that a client certificate is installed on our backend, which authenticates requests from our backend server. Briefly, the flow looks like…
Magnus

3 votes, 0 answers

How does Signal desktop app mitigate QR code login hijacking?

I am trying to implement linking of the desktop app to the mobile counterpart for my project. The assumption is that the mobile app is secure and the desktop app simply needs to link the session to mobile for convenience. In my research I came…
Oleg Dulin

2 votes, 1 answer

"Inverted" asymmetric encryption

I am developing a system to prevent frauds in tickets. What do I need? An algorithm to generate a QR Code that will be shown to my clients in a ticket. An algorithm to validate (offline) the QR Code, using the user's smartphone (Android or…
user61429

2 votes, 0 answers

Using a GUID as an authentication token (and how it could be improved)

I'm implementing a Whatsapp Web-like feature for my Android application. User should be able to open an HTTPS web application that displays a QR code (a GUID generated by the server) and scan it using her device sending it back to the server. Above…
Alessandro

2 votes, 1 answer

Verifying customer check in

I have created a customer loyalty and reward app that works in a very simple manner. We supply cafes etc. with a printed QR code which the customers scan on each visit, using the app. Upon completing X visits, the customer is entitled to a reward, e.g.…
kagelos

2 votes, 2 answers

Is this a safe way to identify someone through a QR code for a purchase?

I am in the process of developing an iOS app where a customer can earn rewards (money) to spend back at the business. When the customer wants to spend the money they have earned, the cashier will use the employee app to scan the customer's QR code…