QR Authentication / Login

Author: Mathijs Brand

Last updated: August 1, 2022

With MSP 3.1 (soon to be released), QR authentication has become part of the core product. This means that an end-user can login to your website by scanning a QR code with a mobile phone. It is easy, fast and secure. Anyone can do it. Take a look at the 4 second video below what that looks like... 



A seamless solution between mobile and web. I heard people talk about that years ago. This was the future a few years ago. Today, I still read blogs, listen to podcasts and radio shows about using secure passwords. That you shouldn't use words from a dictionary. That you should change them often. That some companies are hacked, so you should keep up to date with which ones those are and update your passwords accordingly. And that a password manager is a good idea. But then really? Should a consumer really have a PHD in security to be safe? At Onegini we hate this. Our customers hate it. It's not a solution. And it can be so much easier, nicer and more secure. Think your organization is not ready for this? Give us a call, I'm sure we can help you out. 

But Onegini also did login with push?
Yes. Onegini MSP also provides a way to login with your mobile phone on your website using a notification. A simple message pops up, you click accept, maybe a pincode/fingerprint and you're in. It's really up to you or your customers which option is best. Some people don't like push. Some mobile camera's don't work anymore. You can easily provide both as can be seen in our demo

The flow
Below you get an impression of the flow. The QR code contains a One Time Password that is generated by the token server. The mobile security platform knows which user scans the code and validates the tokens. Then the token server notifies the portal the user can login. 

I like technical details!