Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Solved
Login QR Code Content
Hi 1Password Team,
I'd like to request a small change to the login via QR experience that should improve UX by quite a bit: the data presented in the login QR should contain 1Password-specific URL information that allows the user to initiate login by simply scanning the code itself rather than opening the 1Password app and choosing the QR Code option.
To expand on this a bit, here's what's presented in the 1Password login QR code (data obfuscated obviously)
k9F_aZ3mQx7R2pL8vD1sWcT0uYhG5eJ4nK6bCqXrM-Vt8PzU1wEoI9fS_dA2HjN7yL3gR5xB0kQv6mT4pZ1uWc8D9eF2aYh7J3sXnVyefhdfgw
When scanning this QR code, any phone will attempt to search Google for this long random string. This is obviously not ideal. For a better UX example, look at the data contained in Steam or Discord's login QR codes:
https://discord.com/ra/obb6XZfsdfP67eMtNgy36zCQt5fd9kshasdftZxPRwQ
https://s.team/q/1/103748407414622342091
Would it be possible for the 1Password QR code to be updated to more closely match this functionality? Even presenting the data in the format of a custom URL scheme (as below) would be more helpful, as users with the app installed would still be prompted to open the link in 1Password via normal QR scanners.
1password://k9F_aZ3mQx7R2pL8vD1sWcT0uYhG5eJ4nK6bCqXrM-Vt8PzU1wEoI9fS_dA2HjN7yL3gR5xB0kQv6mT4pZ1uWc8D9eF2aYh7J3sXnVyefhdfgw
Is there a plan for this functionality in the future?
Hello zmcq! 👋
Thank you for the feedback! The reason our QR code doesn't currently direct users straight into the 1Password app when scanned using the camera app is intentional: we want to reduce the risk of someone being tricked by a malicious QR code in the wild that they didn't expect.
That said, your point is well taken. A good middle ground might be redirecting users who scan the QR code using their camera app to a support page that explains the QR code, provides a warning to avoid phishing, and instructions on what to do next. I've passed your full feedback along to our development team for consideration.
-Dave
Issue=AUTH-89
1 Reply
- 1P_Dave
Moderator
Hello zmcq! 👋
Thank you for the feedback! The reason our QR code doesn't currently direct users straight into the 1Password app when scanned using the camera app is intentional: we want to reduce the risk of someone being tricked by a malicious QR code in the wild that they didn't expect.
That said, your point is well taken. A good middle ground might be redirecting users who scan the QR code using their camera app to a support page that explains the QR code, provides a warning to avoid phishing, and instructions on what to do next. I've passed your full feedback along to our development team for consideration.
-Dave
Issue=AUTH-89
