Why QR Codes Underachieve

A few weeks ago, Tobi Lutke, the founder and CEO of Shopify, tweeted a short but accurate assessment of the state of QR Codes today. It went like this:

“The west is still using QRCodes totally wrong. A QRCode on a restaurant table that opens the menu is not really what we want. A QRCode can be unique to the table and allow food ordering directly to it. Should carry state and context.”.

He hit the nail on the head. But like so many tweets, the brevity of the message left the universe begging for a further explanation of what he meant. As you might have guessed, I’m going to give it a try:

West versus East

The tweet starts out by calling out “the west” for misusing QR Codes. That’s a reference to how “the east” has been using QR Codes more broadly and purposefully for years. In Asia – most notably China – QR Codes have been used across many diverse applications. They’re placed on products to authenticate provenance and brand, they’re used for payment for goods and services, they are in advertising, job recruitment and are also used for identity and wellness verification.

Employing QR

Codes for applications like these require them to be ‘smarter’ than the QR Codes we see on things like restaurant menus and store signs today. They need to be secure, and often need to capture data about the scanner (who, what, where, when, etc…). They also need to be produced at scale. Think about producing a QR Code that dynamically represented an individual and their vaccine status. This QR would need to be integrated to a medical record system, its response would change dynamically according to someone’s changing vaccination status.

State

Implementing a QR Code where results can change dynamically start to hint at Tobi’s recommendation that QR Codes carry state. For example, if a QR Code carries a state of “unvaccinated”, then scanning an individual’s QR Code might direct a browser to a warning. Changing that state to “first dose” received might render an altogether different response if that same QR Code was scanned again.  You get the idea.

Codes like these are often called Dynamic QR Codes, which simply means that the result of scanning them can dynamically change based on an underlying attribute of what that code represents. Dynamic QR Codes are also trackable and can be edited whereas Static QR Codes – like the restaurant menu example – cannot be tracked and the destination/landing page cannot be changed.

Context

Lutke also paired Context with State in his wish for better codes.   Where State might represent something about the underlying thing a QR Code represents (e.g.: a bottle of rare whiskey), Context could represent something about the scan action itself.   Context could be something like:

  • The date and time the scan took place

  • The number of times the code has been scanned

  • The location and device from which the scan was made

Context can deliver valuable information to the maker of the QR Code and other stakeholders. In essence, Context adds another layer of value to Dynamic and Static QR Codes.

Openscreen and the Explosion of the Dynamic QR

We’re believers that QR Codes can be put to broader and better use in the “west”, so to speak. Across Health Care, Marketing, Authentication, Supply Chain and many other applications, Dynamic QR Codes can deliver secure, robust, and powerful digitization of the physical world. With our platform and developer tools, we are helping companies integrate this type of functionality into their mission-critical applications.

As for your tweet Toby, we wholeheartedly agree. Thanks for putting out the call to action and we hope you keep an eye on us as we set out to change the way QR Codes are used in everyday life.

IoT – Connecting the Next Trillion Devices

Today, we live in an Internet of Things universe where billions of devices interact with people, the cloud and each other. In our own daily lives, household appliances, personal wearables and the cars we drive have mostly graduated to the realm of IoT.

Distilled to its basics, the premise is simple: embed a tiny computer and a radio into a device so it can send and receive data between people and things. This drives automation, intelligence and interactivity that was previously impossible. And with near ubiquitous and inexpensive internet coverage, there is great incentive to invest in transforming disconnected devices into IoT-ready things.

Where are we Today?

Forecasts predict that by next year, we will have over 29 billion connected IOT devices on our planet. That’s a lot of cameras, sensors, handhelds and industrial machines. Within the four walls of your home alone, that likely includes every appliance, fixture, and screen. But let’s face it, 29 billion is a fraction of the physical inventory of the things on our planet today. To exploit the full potential of IOT, we’re actually talking about connecting trillions of things, aren’t we? There are so many items that could benefit from being connected to the cloud, items that can’t bear the added expense of a chip and a communications radio.

Branded consumer goods could leverage cloud connectivity to validate authenticity. Sensitive shipments like vaccines and legal documents could be tracked for chain of custody and transfer. Even simple print media could leverage internet connections to provide audiences with more information and interactivity. The applications are endless. So, how do we get it done?

Connecting the Unconnected:  QR and NFC

Contactless technologies like QR Codes and NFC chips provide an elegant and powerful solution for the 99% of things that can’t shoulder the added expense of a radio for connectivity. By embedding these virtually free ‘tokens’ into everyday items and using devices (like our cell phones) to act as their radios, we can create a bridge to IoT for just about anything.

While the subsiding pandemic showed us the utility of contactless technologies like QR Codes, it only gave us a tiny glimpse into how they can be used to digitize and automate the physical world. Today, most QR Codes scan to static endpoints like websites and documents. In reality, QR Codes and NFC tags can be instrumented to do far more. They can be configured to collect and store all sorts of contextual data, capture scanner demographics, and trigger dynamic workflows that change based on parameters. But to bring these features to everyday use cases, better developer tools and platforms are needed.

Openscreen and the Contactless Era of IOT

Openscreen’s vision of connecting the next trillion things in an IOT universe is based on being the broadest and most developer-friendly platform for contactless technologies like QR Codes and NFC tags. By empowering developers to generate dynamic QR Codes at scale, with robust data and scan capture utilities, we’re lowering the barriers to embed contactless tech into enterprise applications. We enable developers to securely store the things we want to connect to the cloud, and easily create the QR tokens that will get them there.   Openscreen’s developer API and SDK make it easy to get started right away, and our reference documentations showcase powerful applications across diverse industries. After all, a trillion is a big number. Let’s get going!

Securing QR Codes with Multi-Factor Authentication

Multifactor Authentication (MFA) has become a common shield against hacking and password theft. Nowadays, if you are using a digital service that needs to be secure (banking, e-commerce, health care, etc.), MFA has almost become standard.  After you submit a username and password, you receive a text message with a 6-digit code that’s used to prove that it’s really you who’s trying to access the service.   

Why Multifactor Works

Multifactor authentication is based on the principle of proving someone’s identity by getting two things they have from them: “something they know” and “something they have.”  Bank debit cards are a perfect example of MFA. To draw money from a machine, you need to know the PIN number and you need to have the card. That same principle applies when you get a 6-digit SMS code after you try and log in to a website.  The site is expecting you to know your username and password, and that you have your phone with you. It would be very unlikely that someone other than you could get access to both. 

Why QRs Can Benefit from MFA.

QR Codes are going to become more and more common as their penetration into the mainstream, everyday use continues.  Today, we can use QR Codes to see restaurant menus, book appointments at the bank, and get product information on things we buy. Tomorrow, we’ll likely use QR Codes to access medical records, prove product authenticity, and pay bills. In these sensitive applications, having QR Codes trigger SMS notifications to stakeholder parties for approval will be of great benefit. 

Openscreen and two-factor Authentication

The Openscreen platform includes an easy to invoke scan-to-SMS function that’s exposed via our API and Node SDK. We leverage functionality from Twilio, the leading cloud communications platform, ensuring the highest level in reliability when sending messages. To ensure that contactless technologies like QR Codes can continue to drive value for enterprises globally, every aspect must be considered, and security should always be at the top of the list. 

Market Scans - Industry Insights by Openscreen

Latest and Greatest

Blog Posts