As designers, we all want to offer our users a better experience. But things that allow for proper security often denigrate the UX. For example, having to enter a password is an obstacle to users’ goals. And 2-factor authentication is a pain in the neck. But having a bank account or even a social media account hacked are objectively worth making people suffer the slings and arrows of passwords.
In most cases, excellent short term UX, isn’t worth risking a catastrophic experience failure from poor security. For example, in a pandemic, everyone is worried about health and safety, so we put masks on to protect others. And covid19 has finally made QR codes useful, but those QR codes offer a degree of risk.
QR codes have long been an example of a godawful user experience being used on things like billboards, and TV commercials for an ad agency clout chasing , a way of showing how cool a client was. QR codes were pointless because they were used in places where they were hard to scan, and at a time where people didn’t have the technology to fully use the codes.
But now, most people have mobile phones capable of opening a QR code, and we have a reason to use them: restaurants. Specifically as we walk into a restaurant wearing a mask to protect those around us, it’s best to avoid passing around menus from person to person. So the QR code has a place.
Now for the balancing act. According to a report in Internet News Flash
“Windows run commands can be embedded within QR codes (and other forms of 2D barcodes). On the phone, QR codes can start phone calls, send text messages, or trigger an app’s actions. Apple Pay may even begin to let users use a QR code to send payments shortly. “
This opens a good deal of security risk, for consumers. As QR codes can be replaced with a sticker that could install malware or sent a payment. For the most part, smartphones like recent versions of android and iOS show a preview of the actions a QR code would trigger. But consumers have to stay mindful to avoid being the one to trigger the hack.
Internet News Flash mentions a restaurant that has decided to use designed QR codes with a company logo to help staff recognize if a QR code is tampered with by a bad actor. In contrast, other businesses are sticking with laminated menus to be sanitized frequently.