Steve Gibson, a venerable computer guru who has innovated for decades and never produced anything but brilliantly elegant code, as well as being a compelling and thought-provoking writer, presents SQRL. It’s truly ingenious, I think. It provides secure, password-free logins, with unique but anonymous IDs, to any site that implements this standard, in a manner that seems to be far more secure than any conventional username/password design. True, some other form of authentication is needed to set up the app in the first place – you’d not want someone else to get hold of that! Also, it’s not quite as good as two-factor systems for security. But it is much better than username/login combinations, it is much easier for the end user even than using a social media site to provide authentication, and it offers the potential for uniquely identifying an individual without intruding on that individual’s privacy. That’s pretty cool. Two-factor systems may be secure but all are very complex, irritating and prone to error, but there’s nothing to stop someone intent on assuring secure access from using this as part of a two-factor system. Brilliant.
Address of the bookmark: https://www.grc.com/sqrl/sqrl.htm