IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [qr-code]

A quick response code, or QR code, is a type of matrix barcode which stores data as square black markings within a square layout that should be readable by any computing device capable of imaging.

A quick response code, or QR code, is a type of matrix barcode which stores data as square black markings within a square layout that should be readable by any computing device capable of imaging.

Related reading

45 questions
0
votes
1 answer

Can we prevent users from generating a QR code with edited information

Currently there is this design of two apps that work together: Proof app: On customers phone, takes in a textcode and creates a QR code Scanner app: On hosts phone, Scans the QR code and displays some information like birthday, initial and valid…
Dennis Jaheruddin
  • 1,715
  • 11
  • 17
0
votes
1 answer

Is a QR code with a secret URL that changes every 5th minute secure?

I need to verify that survey respondents are in the same physical room or video chat (to prevent industry espionage). The respondents can join by scanning a QR-code that opens a URL which embeds a code with 61 bits of entropy. The code and QR…
user3654410
  • 101
  • 2
0
votes
0 answers

Using QR codes as means of communicating with an air-gap system

The air-gap system in question is a cryptocurrency vault system that is responsible for generating addresses and signing transactions while it keeps the sensitive information air-gapped. [ Vault app ] <====[QR]====> [ Wallet app] Data to protect:…
Ashfame
  • 101
  • 3
0
votes
1 answer

QR Code Security Testing

Within the scope of a project for my client, I test the existing site and the project for security vulnerabilities using OWASP ZAP. The client uses invitations with QR Codes and QR Codes to login to his project. How can I test QR Codes on security…
Mornon
  • 131
  • 6
0
votes
2 answers

Generating QR-Code for 2fa from google maps api risky?

I am currently using 2-factor authentication to tighten security for my login system. I use Google Authenticator to scan a QR Code, which generates a key which I can use to login. What worries me with my implementation is the way I create my QR…
Asperger
  • 135
  • 3
0
votes
1 answer

Reduce the risk of QRLJacking

I am currently working on a personal project to facilitate the connection of users to a private interface using a mobile application and a QR Code. Steps: Users download an application and log in with a username and password. Users then connect to…
Yann Rimbaud
  • 1
0
votes
2 answers

QR code as certificate of authenticity

I need details about QR code that provides information about whether its product is original or not. The situation is a stamp that tells that this product has been certified as safe to be use by this safety boards. And its not for just one company.…
Haikal
  • 1
  • 1
  • 2
0
votes
2 answers

Preventing Users from Using QR Code Password and Scanner for Authentication

A user was discovered using a QR code to log into a PC. Apparently, the password was put into a QR code generator and printed. The user: Provides their username Scans the QR code with a handheld scanner and is granted access Our company utilizes…
user225868
0
votes
1 answer

Need help on 2FA QRcode security

In reference to OTP 2FA Auth apps: I'm trying to understand the concept of the QRcode being more secure in-transit than SMS? Is it because the QRcode itself is not of any value to fraudulent entities since the Auth App doing the scanning is…
RWB
  • 11
  • 1
0
votes
0 answers

SQRC use to verify e-delivered certificate

I have a need to provide a means of validating a certificate that is e-delivered. My thought is to use an SQRC to enable that verification by linking to a secure site that contains the original certificate and display that to enable verification of…
Mark-FAA
  • 1
  • 1
0
votes
1 answer

What are the risks when using QR to authenticate when using offline MFA in cases network is unavailable due to a network outage

if the PingID service is unreachable the user will receive a QR code on an offline authentication screen. in case of Offline MFA when the network is unavailable due to a network outage (i.e. in an airplane or when network reception is poor.) or…
Filipon
  • 1,204
  • 10
  • 22
0
votes
1 answer

How to make QR Code uncopyable - Scanning of the QR Code at consumer level

I am designing a Consumer Protection System for import products on Blockchain technology. My Client wants to use QR Code instead of Security Tax Stamp. How can we make QR Code uncopyable at the consumer level? Scenario: I went to a shop to buy an…
biltar03
  • 11
  • 2
0
votes
1 answer

How exploitable is a QR code in a login system?

I'm taking a CTF challenge on a web service. The goal is to gather the most information possible of a user. I have access to it's login and password, but password is expired and the account must be recovered by uploading a QR code to the website. No…
fish202
  • 119
  • 3
  • 7
0
votes
1 answer

2FA Security on Setup

When setting up 2FA with Authy most websites give you a QR code to scan. Would it be correct to say that you should treat this QR code securely? If this code or a picture of it was leaked there is nothing to stop someone else setting up 2FA on…
Woodstock
  • 679
  • 6
  • 20
-2
votes
6 answers

Looking for something like a QR code that cannot be copied/reproduced

Can QR codes always be copied? I am looking for some sort of QR code or chip that can be readily scanned (preferably via smartphone) and linked to a secure website, but that cannot be copied or reproduced in any way. Any thoughts?
Mitch
  • 17
  • 1
  • 1
1 2
3