[{"data":1,"prerenderedAt":191},["ShallowReactive",2],{"marketing-blog-blog\u002Fwhy-a-signed-qr-pass-beats-a-screenshot":3,"marketing-blog-related-blog\u002Fwhy-a-signed-qr-pass-beats-a-screenshot":172},{"id":4,"title":5,"author":6,"body":7,"category":151,"date":152,"description":153,"draft":154,"extension":155,"image":156,"imageAlt":157,"imageCredit":158,"imageCreditUrl":159,"meta":160,"navigation":161,"path":162,"readTime":163,"seo":164,"stem":165,"tags":166,"__hash__":171},"blog\u002Fblog\u002Fwhy-a-signed-qr-pass-beats-a-screenshot.md","Why a signed QR pass beats a screenshot","The CheckInHub team",{"type":8,"value":9,"toc":143},"minimark",[10,14,19,22,25,34,38,41,44,47,53,57,60,63,119,127,131,134,137,140],[11,12,13],"p",{},"To a guest, a QR code is a QR code. They hold up their phone, it beeps, they walk in. But under that identical surface there are two very different things going on, and the difference decides whether your door is checking credentials or just photographing pixels. One is a signed pass that the system can verify it issued. The other is a screenshot that anyone could have forwarded, screenshotted again, or generated themselves. They look the same. They are not the same.",[15,16,18],"h2",{"id":17},"a-qr-code-is-just-a-container","A QR code is just a container",[11,20,21],{},"It helps to be precise about what a QR code actually is. It is a way of encoding text in a square of black and white. That is all. The code itself carries no security. Whatever meaning it has comes entirely from what is written inside it and whether the thing scanning it can tell a real one from a fake.",[11,23,24],{},"So the question is never \"is it a QR code.\" It is \"what is inside this QR code, and can the door trust it.\" A naive system encodes something simple, like a ticket number, and trusts whatever it reads. A signed system encodes a payload that carries a cryptographic signature, so the scanner can confirm the pass was genuinely issued by your system and has not been altered.",[11,26,27,28,33],{},"The mechanics of this are covered in ",[29,30,32],"a",{"href":31},"\u002Fblog\u002Fhow-qr-code-tickets-actually-work","how QR code tickets actually work",". The short version: the signature is the difference between a credential and a lucky guess.",[15,35,37],{"id":36},"the-screenshot-problem","The screenshot problem",[11,39,40],{},"Here is the failure mode a naive system invites. You email a guest a QR code. They cannot make it, so they forward the email to a friend. The friend screenshots it and sends it to two more people. By the door, four phones hold the same image, and a system that only checks \"is this a valid-looking code\" lets all four in.",[11,42,43],{},"It gets worse. If the code encodes nothing but a predictable number, someone who works out the pattern can generate codes for tickets that were never sold. The door scans them, sees a plausible value, and admits people who paid nothing and exist in no list.",[11,45,46],{},"A signed pass closes the obvious door, though not every window. The payload is signed, so a generated or altered code fails verification outright. The system knows it did not issue that pass, and the scan is rejected. Forwarding is harder to stop with cryptography alone, because a forwarded signed pass is still validly signed, which is why the second line of defence matters just as much.",[48,49,50],"blockquote",{},[11,51,52],{},"A code that cannot be verified is not a ticket. It is a picture of a ticket, and pictures copy perfectly.",[15,54,56],{"id":55},"single-use-is-the-second-half-of-the-answer","Single-use is the second half of the answer",[11,58,59],{},"Signing proves a pass is genuine. It does not, on its own, stop a genuine pass being used twice. That forwarded screenshot is a real, validly signed pass, so the first person to present it scans in fine. The defence against the friend is that the pass is single-use: once it has been redeemed, the second presentation of the same code is rejected because the system already saw it.",[11,61,62],{},"This pairing is what makes the system sound:",[64,65,66,82],"table",{},[67,68,69],"thead",{},[70,71,72,76,79],"tr",{},[73,74,75],"th",{},"Property",[73,77,78],{},"What it stops",[73,80,81],{},"What it does not",[83,84,85,97,108],"tbody",{},[70,86,87,91,94],{},[88,89,90],"td",{},"Signature",[88,92,93],{},"Fake and altered codes",[88,95,96],{},"A real pass being shared",[70,98,99,102,105],{},[88,100,101],{},"Single-use redemption",[88,103,104],{},"The same pass entering twice",[88,106,107],{},"The very first use of a forwarded pass",[70,109,110,113,116],{},[88,111,112],{},"Live shared list",[88,114,115],{},"Two scanners admitting the same pass",[88,117,118],{},"A guest who never registered",[11,120,121,122,126],{},"Run them together and the forwarded screenshot fails at the second use, the generated code fails at the signature, and two scanners at two doors cannot both admit the same pass because they share one live record of what has already been redeemed. We covered that last point in ",[29,123,125],{"href":124},"\u002Fblog\u002Fwhat-happens-in-the-moment-a-code-is-scanned","what happens in the moment a code is scanned",".",[15,128,130],{"id":129},"why-this-matters-even-for-friendly-events","Why this matters even for friendly events",[11,132,133],{},"It is tempting to dismiss all this as paranoia for ticketed concerts, and to assume a corporate conference or a members' evening does not need it. But the value is not only fraud prevention. It is trust in your own numbers. If your door admits duplicates and ghosts, your live count is fiction, your capacity planning is built on sand, and your post-event attendance report is wrong.",[11,135,136],{},"A signed, single-use pass means the count you watch climbing through the morning is real. Every entry is a genuine pass, redeemed once, by someone the system issued it to. That is worth having even at an event where nobody is trying to sneak in, because the integrity of the credential is the integrity of the data.",[11,138,139],{},"There is also a quieter operational benefit. When passes are signed and single-use, the door crew do not have to make judgement calls. They are not squinting at a phone wondering whether a code looks legitimate, or trying to remember whether they have seen this person already. The system answers both questions instantly: genuine or not, used or not. That removes a whole category of awkward conversations at the door, where a member of staff would otherwise have to challenge a guest on a hunch. The scan either goes green or it does not, and the reason is recorded. The crew get to be welcoming rather than suspicious, because the credential is doing the checking for them.",[11,141,142],{},"CheckInHub issues signed passes and redeems them against one shared live list, so a code works exactly once and the same pass cannot enter twice even across separate doors. The guest sees a beep and a green tick. Underneath, the door checked whether your system really issued that pass and whether it has been used before. That invisible check is the whole point: a fast scan that is also a real one.",{"title":144,"searchDepth":145,"depth":145,"links":146},"",2,[147,148,149,150],{"id":17,"depth":145,"text":18},{"id":36,"depth":145,"text":37},{"id":55,"depth":145,"text":56},{"id":129,"depth":145,"text":130},"QR codes & scanning","2025-07-25","A forwarded screenshot and a cryptographically signed pass look identical at the door. Here is why one is a credential and the other is a guess.",false,"md","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1550482768-88b710a445fd?ixlib=rb-4.1.0&w=1600&q=80&auto=format&fit=crop","A QR code on a printed surface","Mitya Ivanov","https:\u002F\u002Funsplash.com\u002F@aka_opex?utm_source=checkinhub&utm_medium=referral",{},true,"\u002Fblog\u002Fwhy-a-signed-qr-pass-beats-a-screenshot",6,{"title":5,"description":153},"blog\u002Fwhy-a-signed-qr-pass-beats-a-screenshot",[167,168,169,170],"qr codes","barcodes","scanning","security","AKAsnnfahDqwHdKV1AQmlfbSvI4OnnjNU-7zxp4UPjA",[173,179,184],{"to":174,"title":175,"description":176,"date":177,"category":151,"image":178,"readTime":163},"\u002Fblog\u002Fthe-eight-second-check-in-explained","The eight-second check-in, explained","What actually happens in the eight seconds a guest spends at the door, step by step, and why most of that time has nothing to do with scanning.","2026-06-19","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1662383729882-e03ce8e00887?ixlib=rb-4.1.0&w=1600&q=80&auto=format&fit=crop",{"to":124,"title":180,"description":181,"date":182,"category":151,"image":183,"readTime":163},"What happens in the moment a code is scanned","Between holding up a phone and the door turning green, a lot happens in well under a second. A plain-language look at the scan itself.","2026-02-20","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1706759755782-62bc9a0b32e1?ixlib=rb-4.1.0&w=1600&q=80&auto=format&fit=crop",{"to":185,"title":186,"description":187,"date":188,"category":151,"image":189,"readTime":190},"\u002Fblog\u002Freading-any-code-phones-tablets-and-wedge-scanners","Reading any code: phones, tablets and wedge scanners","The device that reads the code matters as much as the code itself. Phones, tablets and wedge scanners each suit a different door.","2025-10-24","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1595079834934-b78552e04b10?ixlib=rb-4.1.0&w=1600&q=80&auto=format&fit=crop",5,1782495582096]