Nothing to Lose: Getting Rid of Shared Secrets with SQRL at WindyCityRails

Passwords in actual use are commonly weak, hard to enter, reused, and forgotten. Even if the user interface concerns can be dealt with, the fundamental technology is still shared secrets – which put both the user and the application in a position to lose control of those secrets. This becomes a major issue during database compromises, and is magnified manyfold by the prevalence of password reuse.

“Secure, Quick, Reliable Login” is a proposed technique to replace username/password login, as well as third-party login providers. SQRL (pronounced “squirrel”) provides an extremely user-friendly day-to-day workflow – the user simply scans a QR code on the page using a dedicated application, verifies that it refers to the correct site, and is then logged into the site. Other client options include clicking or tapping a link to run a local plugin or application.

SQRL uses sound and proven public/private key cryptography to provide a user-centric, fully decentralized system with an extremely easy day-to-day workflow. The only secret information is held by the user, which provides no place for third-party tracking and insulates users from data breaches at service providers.
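
To make the "no shared secret" point concrete, here is an added sketch (not code from the talk or from the SQRL project) of a login in which the site stores only a public key and verifies a signature over its own challenge. The per-site HMAC-SHA256 key derivation and Ed25519 signatures follow SQRL's public design rather than anything stated on this page; the names Site and signChallenge and the challenge URL layout are illustrative assumptions.

```javascript
// Added illustration (simplified; not the SQRL wire protocol or the talk's code).
const crypto = require('crypto');

// DER header that wraps a raw 32-byte Ed25519 seed as a PKCS#8 private key.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client: the per-site key is derived from the master key and the domain in the
// challenge, so a look-alike domain gets a different, useless identity.
function signChallenge(masterKey, challenge) {
  const domain = new URL(challenge).hostname;
  const seed = crypto.createHmac('sha256', masterKey).update(domain).digest();
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8' });
  const publicKey = crypto.createPublicKey(privateKey)
    .export({ format: 'der', type: 'spki' }).toString('base64');
  const signature = crypto.sign(null, Buffer.from(challenge), privateKey);
  return { publicKey, signature: signature.toString('base64') };
}

// Server: stores public keys only; nothing in `accounts` can be replayed to log in.
class Site {
  constructor(domain) {
    this.domain = domain;
    this.accounts = new Map();   // publicKey -> account record
    this.pending = new Set();    // challenges issued and not yet used
  }
  newChallenge() {
    const nonce = crypto.randomBytes(16).toString('hex');
    const challenge = `sqrl://${this.domain}/login?nut=${nonce}`;
    this.pending.add(challenge);
    return challenge;
  }
  login(challenge, { publicKey, signature }) {
    if (!this.pending.delete(challenge)) return null;   // unknown or replayed
    let valid = false;
    try {
      const key = crypto.createPublicKey({
        key: Buffer.from(publicKey, 'base64'), format: 'der', type: 'spki' });
      if (key.asymmetricKeyType !== 'ed25519') return null;
      valid = crypto.verify(null, Buffer.from(challenge), key,
        Buffer.from(signature, 'base64'));
    } catch (err) { valid = false; }                     // malformed key or signature
    if (!valid) return null;
    if (!this.accounts.has(publicKey)) this.accounts.set(publicKey, { logins: 0 });
    this.accounts.get(publicKey).logins += 1;
    return publicKey;                                    // the site's account identifier
  }
}
```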

Posted Friday, September 5th, 2014 under Presentation.
