TiQR User Manual
TiQR is a new and revolutionary way to authenticate for online applications, such as webmail or online banking. The key feature is the use of QR tags, which makes authenticating both secure and easy. You will no longer be burdened with typing username/password combinations or complicated one-time passwords. Scanning a QR code and typing your PIN is all there is to it. This is the secret behind tiqr’s ease of use.
TiQR is based on open authentication standards. The authentication technology applied in tiqr can be compared to the technology used by one-time password tokens, such as the ones you may have received from your bank. This is a very safe authentication method (as opposed to SMS authentication for example). tiqr’s technology is a little less secure than authentication using e.g. a smart card reader as it is software based rather than hardware based.
You can use tiqr on Apple and Android smartphones by downloading the app in the App Store or the Android Market.
This manual shows you how to use TiQR.
More information is available on TiQR.org.
2. How Does It Work?
In short, Authentication using tiqr is done as follows:
1. You go to a website which requires you to log in, e.g. an online banking site.
2. The website displays a QR code.
3. You scan the QR code using the tiqr app on your phone, confirm login and enter your tiqr PIN.
4. Your account credentials together with the response to the random code contained in the QR tag is sent to the server, using the phone’s Internet connection.
5. The server validates the response and authorizes login.
6. The browser reloads the page and you are logged in.
# 3. Creating an Account
Before you can use tiqr to log in to a website, you must create a tiqr account which you will use to authenticate with. For every different website, a different account is required. So if you use tiqr to log in to your bank as well as to your e-mail, you will most likely need two tiqr accounts.
An account is provided by the website you will log in to. In general, this is done as follows:
1. On your computer, go to the website you want to log in to. 2. In the section where you can create a new account, provide a user ID and a full name for the new account. 3. Using the tiqr app on your smartphone, scan the QR code provided on the website. 4. On your smartphone, confirm the account activation by clicking OK.
5. Enter a PIN for the new account. You will need this PIN every time you log in with this account.
Every time you type a digit of the PIN, an animal icon appears. Every different PIN results in a different combination of animal icons; the icons are not related to single digits. So if you accidentally type 1324 instead of 1234 when logging in, the animal icons will be different. This way, the animal icons act as a reminder and help you to prevent entering the wrong PIN.
If you use different identities on one smartphone, we suggest that you choose the same PIN for all these identities to avoid confusing the PINs for different accounts.
6. Confirm your PIN. 7. If you entered the same PIN twice, verification will be successful and your account is activated.
Now you can use this account to log in.
4. Logging in to a Website
Proceed as follows:
1. Go to the website you want to log in to, in this example https://demo.tiqr.org.
2. Click on the tiqr logo.
3. Using the tiqr app on your smartphone, scan the QR code provided by the website.
- If you have more than one account installed on your smartphone, tiqr will ask you which account you want to log in with. Click on this account.
If you have only one account on your smartphone, that account is selected automatically and the screen below is skipped.
- You are asked to confirm that you wish to proceed. Click on OK to confirm.
For safety reasons, carefully check whether the website address on your smartphone matches with the one on your computer.
6. Enter your four digit PIN and click on OK.
You have three chances to enter the correct PIN. Use the animal icons to keep you from entering the wrong PIN. If you enter the wrong PIN three times, the identities on your smartphone are blocked. See the ‘What if my accounts are blocked?’ section.
7. If you enter the correct PIN, you are successfully logged in (left). If you enter the wrong PIN, try again (right).
After a successful login, the webpage is automatically reloaded and indicates that you are logged in.
5. What if… My accounts are blocked?
If you enter the wrong PIN three times, this screen appears and ALL the accounts on your smartphone are blocked.
Contact the website that provided you with your account. You will receive a new activation code and instructions on how to reactivate your account.
For safety reasons, all accounts on your smartphone are blocked. This way, criminals have no chance to try different PINs on all the accounts on your smartphone.
I want to view or delete an account?
1. In the tiqr app, click on the following icon in the upper right corner of the screen.
2. Click on the account you want to view or delete.
3. You can now: - Go to the website that provided your account by clicking on its URL or: - Delete the account by clicking on Delete.
The account is deleted immediately, there is no ‘Are you sure?’ message.
# I don’t have an Internet Connection on my Smartphone? Suppose you’re in an Internet café in a foreign country and there’s only wired Internet access. In that case, it is not possible to send the information the tiqr server requires to validate the account on the smartphone. You will have to log in manually. 1. Start the login process as explained in the ‘Logging into a website’ section. 2. After entering your PIN you will get a one-time login code.
3. On the webpage, click on click here, enter your user ID and the one-time login code in the textbox. Then click on Go.
You are now logged in.