- Is the QR code available everywhere ?
Most itsme® transactions conducted on tablets or desktops will include the option to scan a QR code. The sole exemption is for transactions on (semi)-government platforms using the Federal Authentication Services (FAS/BOSA), where this feature is not currently available. Users who have updated to the most recent version (4.9.0) of the itsme® app will find the QR button integrated into their application.
- Is the QR code scanning feature available for both V1 and V2?
Yes, irrespective of whether the partners are using our OpenID Connect V1 or V2 interface, all itsme® transactions on tablets or desktops will offer the possibility to scan a QR code. This also includes integrations via 3rd-party identity platforms (IAM...). End-users with an app version 4.9.0 (and up) will be able to effectively scan the QR code.
- Can we mandate the display of the QR code for our users?
After release in the production environment, the QR code option will be accessible to all end-users who use the itsme® app version 4.9.0 (and up) and are identifying themselves via desktop or tablet.
- Can users scan the QR code using their device camera or other applications?
No, the QR code can only be scanned from within the itsme® app. This means we can always check the validity of the QR code before triggering any user action.
- Will itsme® automatically push the most recent update to users?
In the E2E environment, updates are automatic. However, for the broader user base in production, we will gradually roll out the latest app version.
- Is it possible to opt out of the QR code feature?
The possibility for QR code scanning is standard on our OIDC frontend, so partners and customers have no option to disable it.
- Is the QR code safe?
The reason for this newest QR feature is user convenience. However, we made sure the QR code is as safe as the current method. Security measures include (but are not limited to):
The QR code can only be scanned from within the itsme® app. This means we can always check the validity of the QR code before triggering any user action.
The QR code is renewed every 10 seconds, making it close to impossible to copy and use in a fraudulous way.
- Will the QR code be the fallout method for end-users?
Initially, it will be offered as an alternative to the phone number. Once a user has chosen the QR code it will be offered as the first choice the next time. However, a user can always revert to authentication with their phone number.
- Will the QR code also be offered when signing documents with itsme®?
No, it will not be the case right now. The QR code will only be available for our identity services. We are currently investigating implementing it in our e-signature flows.