Slashdot Mirror


New Standard For Website Authentication Proposed: SQRL (Secure QR Login)

fsagx writes "Steve Gibson has proposed a new standard method for website authentication. The SQRL system (pronounced 'squirrel') eliminates problems inherent in traditional login techniques. The website's login presents a QR code containing the URL of its authentication service, plus a nonce. The user's smartphone signs the login URL using a private key derived from its master secret and the URL's domain name. The smartphone sends the matching public key to identify the user, and the signature to authenticate it. It may be used alongside traditional username/password to ease adoption."
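The login flow the summary describes, as an added example that is not part of the original post or Gibson's own code. It assumes HMAC-SHA256 for the per-site key derivation and Ed25519 for signatures (the summary names neither); the function names, master secret and URLs are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
)

// siteKey derives a per-site key pair from the master secret and the login URL's domain.
// Assumption: HMAC-SHA256 as the derivation function, Ed25519 as the signature scheme.
func siteKey(master []byte, loginURL string) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	u, err := url.Parse(loginURL)
	if err != nil || u.Hostname() == "" {
		return nil, nil, fmt.Errorf("bad login URL %q", loginURL)
	}
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(u.Hostname()))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte HMAC output used as seed
	return priv.Public().(ed25519.PublicKey), priv, nil
}

// clientLogin is the phone side: sign the exact URL (nonce included) read from the QR code.
func clientLogin(master []byte, loginURL string) (ed25519.PublicKey, []byte, error) {
	pub, priv, err := siteKey(master, loginURL)
	if err != nil {
		return nil, nil, err
	}
	return pub, ed25519.Sign(priv, []byte(loginURL)), nil
}

// serverVerify is the website side: the signature must cover the URL the site issued
// and verify under the presented public key, which doubles as the user's identifier.
func serverVerify(issuedURL string, pub ed25519.PublicKey, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, []byte(issuedURL), sig)
}

func main() {
	master := []byte("constructed-demo-master-secret")          // constructed sample value
	issued := "https://login.example.com/auth?nonce=5f2c9a17" // constructed sample URL
	pub, sig, _ := clientLogin(master, issued)
	fmt.Println("valid login:", serverVerify(issued, pub, sig))
	fmt.Println("signature reused for another nonce:", serverVerify("https://login.example.com/auth?nonce=00000000", pub, sig))
	other, _, _ := clientLogin(master, "https://other.example.net/auth?nonce=5f2c9a17")
	fmt.Println("same public key on another site:", pub.Equal(other))
}
```

The nonce makes each signature single-use, and the domain-bound derivation means two sites see unrelated public keys for the same user.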

2 of 234 comments

  1. Steve Gibson is a... by Anonymous Coward · Score: -1, Troll

    I invite everyone to let Google autocomplete that sentence. It's been well-known for a good while that absolutely no-one should pay any attention to him.

    1. Re: Steve Gibson is a... by man_of_mr_e · Score: -1, Troll

      Gibson has not learned his lessons. You want a laugh? Check out one of his more recent attempts at "security".

      https://www.grc.com/haystack.htm

      His argument is based totally on pure brute force, which nobody does. The danger comes from dictionary attacks, and I'm pretty sure this technique can be easily accounted for and a "Haystack" password cracked in a matter of days, if not hours.

      The guy just doesn't understand that his problem is not that he's not smart... it's that he doesn't share his ideas with others before he pontificates on them.