As part of our 2FA Explained series, we recently looked at magnetic stripe cards. Another authentication method that has long been in use and can be printed onto cards are 2D barcodes.
Although 2D barcodes are much less secure than other authentication methods, they’re used by organizations with low security requirements that want a relatively simple and inexpensive option to recognize cardholder identities. For example, 2D barcode cards might be used for guest registration and identification where no access to secure resources is needed.
So, how do 2D barcodes compare to other authentication methods? Let’s take a closer look at how they work, as well as their benefits and drawbacks.
How 2D Barcode Authentication Works
With 2D barcodes, information is stored in a 2D barcode image that is comprised of a matrix of different-sized rectangles. The 2D barcode is created by transforming an alphanumeric code into a lined or pixelated image. That image can then be printed onto a card or displayed on a mobile device.
To authenticate, a user’s 2D barcode is scanned by a specialized barcode reader that verifies the numeric code stored in the 2D barcode by matching it to what’s stored in the company’s database. For added security, 2D barcodes can be layered with a PIN or password.
Ease of Use and Efficiency
For starters, scanning is contactless and quick. Reader errors are uncommon because the technology is simpler than other card-based methods, and unlike magnetic stripe cards, 2D barcode cards can’t get demagnetized or be swiped incorrectly.
Moreover, people are familiar with barcode technology and how it works. Many people have used barcode scanners in grocery store self-checkout lines (although those are for 1D barcodes) or have read QR codes (another type of barcode) using their smartphones.
Because they’re easy to use and efficient, 2D barcodes are often used for high-traffic situations in which speed of processing is paramount and security concerns are low, such as check-in at a gym or to verify a customer’s loyalty points.
Lower Cost than Other Card-Based Methods
2D barcodes are the most inexpensive method to store cardholder data, making them cost-effective for high-volume printing. Barcodes can be printed onto cards with a regular ID printer ribbon and don’t require any additional technology. Even with other cheaper methods, such as magnetic stripes, printer upgrades are needed.
Less Wear and Tear on Cards
There’s less wear and tear on 2D barcode cards than cards that require contact with the reader, such as magnetic stripe cards. And in the event that a 2D barcode gets partially rubbed off or scratched, the card can usually still function properly due to the error correction present in the creation of the barcode.
The main disadvantage of 2D barcodes is that it’s very easy to copy and steal a barcode. Information is stored in plain view and can be duplicated without specialized equipment. All you need is a photocopier or to take a photo of the barcode, and a thief can print a new barcode using a standard printer. That’s why 2D barcodes should never be used for anything but low-security situations.
Barcodes can be easily scratched or rubbed away, affecting readability. And although 2D barcodes can usually still be read when they have some damage, the cards they are printed on are flimsy and susceptible to breaking or wearing out over time.
Can Be Lost or Stolen
Like anything that must be carried, 2D barcode cards can be lost, stolen, or forgotten. You can’t authenticate a user’s identity if any of these things happen, and the cards offer little protection if they fall into the wrong hands (although adding a PIN or password can help).
Even though the cards are significantly cheaper than other card-based methods, there is still a hard cost involved to purchase the cards. That cost can add up, depending on the number of users. In addition, the optical readers used to scan the barcode are more expensive than some other readers, such as those used for magnetic stripe cards.
Is 2D Barcode Authentication Right for You?
Although 2D barcodes are an older form of authentication, they’re still in use due to their user convenience, simplicity, and relatively low cost. That being said, they have significant security drawbacks. We’d never recommend them for protecting access to sensitive resources, such as proprietary corporate information.
However, 2D barcode cards might meet your organization’s needs if you’re prioritizing convenience, cost, and leveraging existing technology investments over security. It’s crucial to weigh the pros and cons and consider more secure authentication methods if security is a concern.
Choosing an authentication platform that doesn’t just offer a single authentication option, but rather a broad range of flexible authentication options, can help your organization choose and combine authentication factors that fit the needs of different user populations and security levels.