Slashdot Mirror


New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

fsagx writes "Steve Gibson has proposed a new standard method for website authentication. The SQRL system (pronounced 'squirrel') eliminates problems inherent in traditional login techniques. The website's login presents a QR code containing the URL of its authentication service, plus a nonce. The user's smartphone signs the login URL using a private key derived from its master secret and the URL's domain name. The smartphone sends the matching public key to identify the user, and the signature to authenticate it. It may be used alongside traditional username/password to ease adoption."
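The exchange the summary describes, as an added example that is not part of the submission or of Gibson's specification. It assumes HMAC-SHA256 for the per-domain key derivation and Ed25519 for the signature (the summary names neither); the function names, the URL, its `nonce` parameter and the master secret are constructed for illustration.

```go
// Added example: the login exchange from the summary, phone and website sides.
// Assumed: HMAC-SHA256 derivation, Ed25519 signatures; all names/values constructed.
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
)

// SiteKey derives the per-site private key from the master secret and the URL's domain.
func SiteKey(master []byte, loginURL string) (ed25519.PrivateKey, error) {
	u, err := url.Parse(loginURL)
	if err != nil || u.Hostname() == "" {
		return nil, fmt.Errorf("bad login URL %q", loginURL)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(u.Hostname()))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)), nil // 32-byte MAC is the key seed
}

// ClientLogin (phone): sign the whole URL, nonce included; return public key + signature.
func ClientLogin(master []byte, loginURL string) (ed25519.PublicKey, []byte, error) {
	priv, err := SiteKey(master, loginURL)
	if err != nil {
		return nil, nil, err
	}
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(loginURL)), nil
}

// ServerVerify (website): accept only a URL it issued, once, with a valid signature.
func ServerVerify(issued map[string]bool, loginURL string, pub ed25519.PublicKey, sig []byte) bool {
	if !issued[loginURL] || len(pub) != ed25519.PublicKeySize {
		return false
	}
	delete(issued, loginURL) // nonce is single use, so a replayed response fails
	return ed25519.Verify(pub, []byte(loginURL), sig)
}

func main() {
	master := []byte("constructed-master-secret")
	u := "https://example.com/login?nonce=constructed-1"
	issued := map[string]bool{u: true}
	pub, sig, _ := ClientLogin(master, u)
	fmt.Println("first login:", ServerVerify(issued, u, pub, sig))
	fmt.Println("replay:", ServerVerify(issued, u, pub, sig))
}
```

Because the domain is the only input besides the master secret, the same phone presents the same public key to one site on every login and an unrelated key to every other site.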

3 of 234 comments

  1. Re:Steve Gibson is a... by moteyalpha · Score: 4, Informative

    I invite everyone to let Google autocomplete that sentence. It's been well-known for a good while that absolutely no-one should pay any attention to him.

    Just for giggles I did test auto complete on that and it gave:
    1. steve gibson is a fake
    2. steve gibson is a moron
    3. steve gibson is a idiot
    Could that be considered the -opinion- of the Google algorithm?
    My opinion about TFS involves squirrels too. But mainly their primary food source (pronounced 'nuts').

  2. Re:Gibson is NSA... by Seumas · Score: 4, Informative

    Wasn't Gibson one of the first people we heard a reasonable explanation of the NSA tapping from? When we were all blaming Facebook and Google and Facebook and Google were denying direct feeds to the NSA, he asserted that what was probably happening was tapping of the trunk just externally to the private points of these entities, such that they may never have even known it was going on. Then, it turns out, that is pretty much what was happening in many of the cases.

    I don't know a whole lot about the guy, but he sure seems to have an awful lot of anti-NSA and pro-privacy stances, as far as I can tell.

  3. Re: Steve Gibson is a... by viperidaenz · Score: 3, Informative

    From TFA:
    1. No cell phone required.
    2. No QR code required.
    3. err, no cell phone required
    4. It's stored encrypted by a local password