The superbrief summary of SQRL is:
- You install the SQRL software on your smartphone
- When you visit a web site that supports SQRL, you will see a QR code next to the login form.
- Instead of typing in your user ID and password, you scan the QR code with your phone
- The SQRL app works some cryptographic magic (go read the web page for the details) and sends the results to the URL that's part of that QR code
- You click the login button without typing in any name/password
- You are securely and anonymously logged in:
  - The server doesn't know who you are (unless you provide that information separately)
  - The server will recognize you when you come back in the future
  - Other servers using SQRL will see different anonymous IDs, so you can't be tracked across multiple sites (unless, of course, you provide additional information as a part of using that site.)
  - The authentication process is out-of-band (separate network connection, separate device, etc.) so a compromised web browser (like in a public terminal) won't see any of your login credentials
More convenient and more secure than a normal password-based login. What more could you want?
I need to read more about this (I've only read the first page of the site), but based on what I've read so far, and the fact that Gibson Research is a company that has earned a lot of trust over the years, I am very interested in this technology and would love to see it (or some similar concept) widely adopted all over the internet.
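The "different anonymous ID per site, same ID on every return visit" property comes from deriving a separate key pair for each site from a single master key. The Go sketch below is an added example, not code from the SQRL project or from this post: it is a simplified version of the scheme as SQRL's public description gives it (HMAC-SHA256 of the site's host name keyed by the master key, then an Ed25519 signature over the URL from the QR code). The host names, the `nut` values and the master key are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
)

// siteKey derives a per-site Ed25519 private key: HMAC-SHA256 keyed with the
// user's master key, computed over the host name found in the login URL.
func siteKey(master []byte, rawURL string) (ed25519.PrivateKey, error) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return nil, fmt.Errorf("bad login URL %q", rawURL)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(u.Hostname()))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)), nil // 32-byte seed
}

// login is the phone's side: sign the exact URL scanned from the QR code and
// return the site-specific public key, which is the anonymous ID.
func login(master []byte, qrURL string) (ed25519.PublicKey, []byte, error) {
	priv, err := siteKey(master, qrURL)
	if err != nil {
		return nil, nil, err
	}
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(qrURL)), nil
}

// verify is the server's side: it holds only the public key and checks the
// signature against the URL it issued. No shared secret is stored.
func verify(id ed25519.PublicKey, issuedURL string, sig []byte) bool {
	return ed25519.Verify(id, []byte(issuedURL), sig)
}

func main() {
	master := bytes.Repeat([]byte{0x42}, 32) // constructed sample master key
	first := "sqrl://shop.example/login?nut=aaa111"
	a1, sig, _ := login(master, first)
	a2, _, _ := login(master, "sqrl://shop.example/login?nut=bbb222")
	b, _, _ := login(master, "sqrl://forum.example/login?nut=ccc333")
	fmt.Println("signature valid:", verify(a1, first, sig))
	fmt.Println("same ID on return visit:", bytes.Equal(a1, a2))
	fmt.Println("different ID on another site:", !bytes.Equal(a1, b))
}
```

Because the signature covers the whole URL, including the one-time value the server put in it, a captured response cannot be replayed against a later login page.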