New Standard For Website Authentication Proposed: SQRL

fsagx writes "Steve Gibson has proposed a new standard method for website authentication. The SQRL system (pronounced 'squirrel') eliminates problems inherent in traditional login techniques. The website's login presents a QR code containing the URL of its authentication service, plus a nonce. The user's smartphone signs the login URL using a private key derived from its master secret and the URL's domain name. The Smartphone sends the matching public key to identify the user, and the signature to authenticate it. It may be used alongside of traditional username/password to ease adoption."

Re:That's how I say SQL

[Joining+Yet+Again]

"MySQL" is pronounced "Why aren't you using PostgreSQL?"

And "noSQL" is pronounced "no".

Re: Steve Gibson is a...

[weedenbc]

Steve has a lot of hate coming from the traditional hacker community, some of it for good reasons. He got started in all this trying to defend himself from some attacks, and definitely made some noob mistakes. In particular, he made the mistake of lumping in penetration testers (white hats) with criminal hackers (black hats). That generated a lot of hate from the pen tester community and many labled him a fraud and never looked back. His biggest offense seems to be that he is not of, and does not participate in, the traditional hacker/pen tester community. I think it is very telling that none of his detractors are actually point out problems in his proposal for SQRL. They are relying entirely on "we all know Steve Gibson is a fraud" arguments.