Secure QR Login (SQRL)October 3, 2013 – 5:33 PM
There’s a new web authentication method being proposed by Steve Gibson over at grc.com and initially it looks really good and does seem to solve most, if not all, of the current security/privacy problems we have with traditional username/password authentication.
In a nutshell, website login pages will display a QR code next to the traditional login form that the user will capture with their device’s camera, process, and then send an authentication blob back to the website (out-of-band) which will then log you into the website. No usernames or passwords. You are known to the website only by your unique “public key”. Interesting, and I think it may work as long as the crypto is solid and the websites/vendors are willing to support and develop for it.
All the details can be found here: (He’s only written 3 of the 11 pages so far)