Movie theater QR code:
I almost lost it last night. My date and I approached the ticket taker at our local movie theater with a QR code ticket on my phone. I find it fascinating that phones are now used for a valid entrance. I proudly showed my QR code to the young attendant and was quickly asked for my confirmation code. What happened next got me thinking all about advanced security.
Here’s the way it’s supposed to work: the cashier pulls out the little flashlight scanner, scan my phone and be done with it. Instead, I’m now challenged with finding out where (and if) a confirmation code is located somewhere on my phone. To further stress this particular situation, I didn’t have my glasses and I couldn’t find the code. It’s not the end of the world, I’ll just give my phone to my accomplice so we can retrieve the confirmation code. Success!! Now we could enjoy the show.
Can this problem happen elsewhere?
The next morning when I logged in at work, it occurred to me that I also use my phone for secure login to my laptop. After I enter my password, an OTP (one-time password) is sent to my phone and I am prompted to enter this value during the login. This is defined as two-factor authentication (2FA). While using my phone in this manner it reminded me of the night before at the movie theater.
What if I had forgotten to bring my phone to work or the battery died on me? Would I have been able to login? Would I get paid for the day or even still have a job? Our IT Department reassured me that there are alternate means of receiving the 2nd factor during the login.
Next, they pointed me to the prompt for entering the requested OTP. Here, there is a link that is designed to provide another way of getting an OTP to me. There are too many options to list in this article, but our company allows the second factor to come as a printed OTP, received in an alternate email address. We can also simply call the Help Desk and ask for the OTP over the phone. That’s good to know. With all that information in hand, I got back to work with the understanding I could retrieve an OTP in several different ways.
Don’t let this happen to you:
There used to be a time where you would print and present the ticket to an employee to tear in half. One side for you and one side for them. No scanner needed, no reading glasses and no phone! Avoid a problem like a non-working QR code when logging onto your active directory. Technology such as an OTP (one-time password) makes avoiding this dilemma possible. If your password is not working, there are always multiple ways to retrieve or reset it. Don’t let yourself get into situations where you don’t have any options.
Become secured with an SSO, SSPR and 2FA solution such as PortalGuard, an integrated authentication package.