What do you think of Scan QR to Login as a Service?
9 comments
I agree with password-less.
>agree with password-less.
Does my idea sounds like something you would use? Will you download a authenticator app to avoid using user/pass?
Does my idea sounds like something you would use? Will you download a authenticator app to avoid using user/pass?
I'm not sure as a user I'll use another Authenticator app just for a random website.
It has to be for something worth the trouble (work, bank, etc...)
It has to be for something worth the trouble (work, bank, etc...)
Got it, but there will still be a network effect.
You will just have to download it once and can add and manage accounts on a lot of websites.
You will just have to download it once and can add and manage accounts on a lot of websites.
I already have a Msft Authenticator and a Google one installed on my phone, if you can make it work with one of these already that would be fine.
>have a Msft Authenticator and a Google one
I think you can just add all accounts to one authenticator.
>make it work with one of these These authenticators, have no support for QR codes so this would not be possible.
>make it work with one of these These authenticators, have no support for QR codes so this would not be possible.
Saas pass has a scan barcode login (with 2fa) option. You can configure any of the mfa methods you want from the developer api. Good luck with your venture.
You should take a look at LoginID: https://loginid.io/
The idea of using QR codes is interesting too. The downside of WebAuthn is that the credentials generated by Touch ID/Face ID are associated with a single device. If you want to log in from somewhere else, it doesn't work.
You could, however, use your QR code idea to have the user scan it from their enrolled device (e.g., phone) and then log them in.
The idea of using QR codes is interesting too. The downside of WebAuthn is that the credentials generated by Touch ID/Face ID are associated with a single device. If you want to log in from somewhere else, it doesn't work.
You could, however, use your QR code idea to have the user scan it from their enrolled device (e.g., phone) and then log them in.
Apple PassKey syncs the WebAuthN tokens between devices.
How it works? 1. Add your account to my authenticator app. 2. Whenever you need to sign-in, scan the QR code displayed on the website from my authenticator app. 3. Enter your device pin or use TouchId/FaceId and you will be logged in on the website.
My service will manage the generation of the QR codes, the authenticator app, etc. I also think 2FA will not be needed when using this as my authenticator app will check two factors - 1. If the request is being made from the device which the users posses. 2. The passcode/biometrics of the phone.
I think my service will be really useful for no-code/low code websites as well as websites which do not have a native mobile app. Please let me know what you think about this idea.
PS - I'm not sure if it's ok to post this on HN, please let me know if it's not ok and I'll take it down.