Thursday, October 17, 2019

SQRL for Website Login and Authentication

More on Steve Gibson's SQRL; read through a bit of his site, below the WP description. He has a very useful weekly podcast on security called 'Security Now', which I have followed for several years. It is a good place to stay up to date on current IT technology security topics.

Note the use of zero-knowledge proofs in their SQRL system described below:

From Wikipedia:

'SQRL (pronounced "squirrel")[3] or Secure, Quick, Reliable Login (formerly Secure QR Login) is a draft open standard for secure website login and authentication. The software typically uses a link of the scheme sqrl:// or optionally a QR code, where a user identifies via a pseudonymous zero-knowledge proof rather than providing a user ID and password. This method is thought to be impervious to a brute force password attack or data breach. It shifts the burden of security away from the party requesting the authentication and closer to the operating system implementation of what is possible on the hardware, as well as to the user. SQRL was proposed by Steve Gibson of Gibson Research Corporation in October 2013 as a way to simplify the process of authentication without the risk of revelation of information about the transaction to a third party ..... '

Extensive video tutorial on SQRL: https://youtu.be/Y6J1Yt8YYj0
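A simplified sketch of the login flow the Wikipedia description summarizes, added here as an illustration and not taken from this post or from SQRL's own code: the client proves possession of a per-site key by signing the site's challenge, so the site stores only a public key. It assumes Ed25519 keys derived per domain with HMAC-SHA256 from a master secret; the function names, the `/login` path and the sample master secret are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/url"
)

// SiteKey derives a per-site key pair: HMAC-SHA256(master, domain) is the seed,
// so the key is stable for one site and unlinkable across different sites.
func SiteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// NewChallenge is the server side: a login URL carrying a fresh random nonce.
func NewChallenge(domain string) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return fmt.Sprintf("sqrl://%s/login?nut=%x", domain, nonce), nil
}

// Respond is the client side: the key is chosen from the host in the URL itself.
func Respond(master []byte, challenge string) (ed25519.PublicKey, []byte, error) {
	u, err := url.Parse(challenge)
	if err != nil || u.Scheme != "sqrl" || u.Hostname() == "" {
		return nil, nil, fmt.Errorf("not a sqrl:// challenge: %q", challenge)
	}
	pub, priv := SiteKey(master, u.Hostname())
	return pub, ed25519.Sign(priv, []byte(challenge)), nil
}

// Verify is the server side: check sig against the stored key and issued URL.
func Verify(stored ed25519.PublicKey, issued string, sig []byte) bool {
	return len(stored) == ed25519.PublicKeySize && ed25519.Verify(stored, []byte(issued), sig)
}

func main() {
	ch, _ := NewChallenge("example.com")
	pub, sig, err := Respond([]byte("constructed demo master secret"), ch)
	fmt.Println("login ok:", err == nil && Verify(pub, ch, sig))
}
```

Because the server holds only public keys and each challenge is single-use, a leaked user table or a captured response gives nothing that can be replayed or reused on another site.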

