No More Passwords: Log Into WordPress with a QR Code

Imagine logging in to your WordPress site simply by scanning a QR code. If you always have your phone with you, it might make life a little easier. This new way of logging into WordPress is a cool idea developed by Jack Reichert. Inspired by a conversation on Hacker News, Reichert wrote and released it as a WordPress plugin called No More Passwords.

The only thing you need is a phone with a QR Code reader app. Scan the code the plugin generates and you’ll be logged in. Simple as pie!

Check out a video demonstration from the plugin’s developer:

Please note that this plugin is not a ticket to start forgetting all of your WordPress passwords. You will have to log in on your phone the first time you use it. Thereafter there will be no need. However, if your phone dumps its cookies, which is likely to happen every two weeks or so, you’ll need to log in on your phone again. It’s a small price to pay if you find yourself logging into your website multiple times per day.

Worried about security?

This plugin has several measures put in place in order to make it secure:

  • Username/password are never passed back and forth, only the unique hash.
  • Hash is removed from the database once it’s used, old hashes that haven’t been used can’t be unless the database is hacked, but then you have bigger issues.
  • All database queries of the hash have been escaped to prevent XSS attacks.

More technical details of how the plugin works are available on the developer’s website.

I hope this idea inspires others to find more innovative ways for people to authenticate without passwords. If you like the concept, download Jack Reichert’s No More Passwords plugin from the WordPress repository. The plugin is still in beta and the developer welcomes your comments and suggestions, so be sure to leave him a note.