With the pandemic-driven proliferation of QR codes throughout day-to-day life in Western countries, including in sensitive applications like accessing medical records, cyber threat actors have predictably started to take advantage of the QR code scanning process. A wave of QR-related phishing attacks hit over the summer of 2022, with a good amount of media coverage following each detected instance.
A fully passwordless internet is a foregone conclusion. CTOs, CIOs, developers, and, most importantly, consumers are all aligned in wanting to phase out the clunky password-based authentication paradigm we have today to improve both security and user experience. What’s less clear is what the passwordless future will look like and how we’ll get there. Balancing security against ease of use, while accounting for learning curves, edge cases, and imperfect human behavior, requires a thoughtful approach to implementing innovative login mechanisms. QR login, leveraging biometrics-enabled smartphone apps with a password fallback, is the smoothest and most secure bridge for transitioning users to a fully passwordless experience.