Passwords Possess Flaws and Are Slated for Obsolescence - This Explains the Transition
SQRL, or Secure Quick Reliable Login, is a groundbreaking new method developed by tech pioneer Steve Gibson that promises to revolutionise the way we log into websites.
Human nature makes passwords easy to guess and prone to reuse across multiple accounts, making them a weak link in our digital security. SQRL addresses this issue by offering a more secure alternative.
In the SQRL process, an app on the user's phone generates a public/private key pair using a hashing function and the domain name of the site. This key pair forms the backbone of the SQRL login system.
Setting up SQRL is simple. When creating an account at a blog or any website, users just need to click on the SQRL emblem. This initiates the SQRL login process, replacing the traditional username and password combination.
The public key remains constant, allowing the website to recognise the user, while the QR code is encrypted with the private key, verifying possession without revealing it. Exposure of public keys in SQRL does not pose a significant security risk, as the private keys remain private.
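The per-site key pair and the proof of possession described above can be sketched as follows. This is an added example, not code from the SQRL project or from the original page; it assumes a master secret held by the app, HMAC-SHA256 as the hashing function, Ed25519 keys, and a proof of possession modelled as a signature over a one-time challenge from the site. The domains and sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// SiteKey derives the per-site key pair: HMAC-SHA256 over the domain name,
// keyed with the app's master secret (assumed), seeds an Ed25519 key.
func SiteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // digest is the 32-byte seed
	return priv.Public().(ed25519.PublicKey), priv
}

// ClientLogin is the app side: it returns the site's public key and a
// signature over the challenge the site displayed.
func ClientLogin(master []byte, domain string, challenge []byte) (ed25519.PublicKey, []byte) {
	pub, priv := SiteKey(master, domain)
	return pub, ed25519.Sign(priv, challenge)
}

// ServerVerify is the site side: it checks the signature against the public
// key stored for the account and the challenge it issued for this login.
func ServerVerify(stored ed25519.PublicKey, challenge, sig []byte) bool {
	return len(stored) == ed25519.PublicKeySize && ed25519.Verify(stored, challenge, sig)
}

func main() {
	master := []byte("constructed demo master secret") // sample value, not a real key
	challenge := []byte("constructed-challenge-0001")   // sample one-time value

	pub, sig := ClientLogin(master, "blog.example", challenge)
	fmt.Println("login accepted:", ServerVerify(pub, challenge, sig))

	// The same signature does not satisfy a fresh challenge.
	fmt.Println("replay accepted:", ServerVerify(pub, []byte("constructed-challenge-0002"), sig))

	// A different domain yields an unrelated public key, so sites cannot
	// correlate the user by key.
	other, _ := SiteKey(master, "shop.example")
	fmt.Println("same key on another site:", string(pub) == string(other))
}
```

The site stores only the public key, so a breach of its database exposes nothing that can be replayed at another site.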
SQRL is designed to be simple, which makes it unlikely to require bug fixes. It is also free, open, and still under development, with a demo available at Gibson Research.
Two-factor authentication, combining passwords with biometrics or smart cards, enhances security. SQRL takes this a step further by incorporating these principles into a user-friendly system. Requiring a one-time password from an RSA token or smartphone soft token, along with a password, is common for corporate systems, and SQRL follows a similar approach.
The rollout of SQRL will be slow, initially attracting security nerds, but gaining traction and press as its power becomes known. It is expected to become the security standard for websites, making it difficult for sites not using SQRL to compete.
Using Facebook or Google to create logins for websites is easier but carries a higher security risk. SQRL offers a middle ground, allowing for quick and easy authentication at websites with little effort.
In conclusion, SQRL is a promising new development in the field of digital security. By offering a more secure alternative to traditional username and password combinations, it has the potential to significantly improve the security of our online interactions. TechCrunch is expected to do a story on SQRL, shedding more light on this exciting new technology.