Passwords in actual use are commonly weak, hard to enter, reused, and forgotten Even if the user interface concerns can be dealt with, the fundamental technology is still shared secrets – which put both the user and the application in a position to lose control of those secrets. This becomes a major issue during database compromises, and is magnified manyfold by the prevalence of password reuse.
“Secure, Quick, Reliable Login” is a proposed technique to replace username/password login, as well as third party logins providers. SQRL (pronounced “squirrel”) provides an extremely user-friendly day-to-day workflow – the user simply scans a QR code on the page using a dedicated application, verifies that it refers to the correct site, and is then logged into the site. Other client options include clicking or tapping a link to run a local plugin or application.
SQRL uses sound and proven public/private key cryptography to provide a user-centric, fully decentralized system with an extremely easy day-to-day workflow. The only secret information is held by the user, which provides no place for third party tracking and insulates users from data breaches at service providers.