Web Login via QR code?

[kboller]

   I'm trying to find a way to make logins easier for users with mobile devices.  Is it possible to embed a http post command in a QR code so embedded user/password information could be read and sent to the app server as a way to authenticate/login as opposed to manually entering a user name/password?  If you feel this is a bad idea feel free to tell me why.   

Thanks,

Kurt

[Sibuya]

Hi Kurt,

I don't know if it works in mobile but you can encode TAB and ENTER commands inside QR Code to try to "emulate" typing. So your application remains the same.

Cheers,

Marcos

[Matthew51]

I don't know much about QR codes, but from what I know this would be one of the best solutions:

You embed a login token in the QR code's url, ie: https://www.KurtSite.com/QRLogin?LoginToken=[Big number]

You can read in this number using p_web.GetValue('LoginToken')

You would need a LoginToken as a column in your login table, with a unique key so you can look up who is logging in and handle your login login as normal.

This method protects the user name and password.  Though anyone with a QR reader could learn the login token.  Any method chosen would have this problem.

Matthew

[kboller]

Thanks for the ideas.  Matthew's sounds good.  I'm thinking of having the user have an id card with a login QR code they can scan to "login".  Then they can continue to access the database with record specific QR codes. I was hoping to be able to send a HTTP post via a QR scan to protect the data but if that's not possible then Matthew's idea might be second best.

Thanks,

Kurt