Secure QR Login (SQRL)

October 3, 2013 – 5:33 PM

There’s a new web authentication method being proposed by Steve Gibson over at and initially it looks really good and does seem to solve most, if not all, of the current security/privacy problems we have with traditional username/password authentication.

In a nutshell, website login pages will display a QR code next to the traditional login form that the user will capture with their device’s camera, process, and then send an authentication blob back to the website (out-of-band) which will then log you into the website.  No usernames or passwords.  You are known to the website only by your unique “public key”.  Interesting, and I think it may work as long as the crypto is solid and the websites/vendors are willing to support and develop for it.

All the details can be found here:  (He’s only written 3 of the 11 pages so far)

You must be logged in to post a comment.