Back on the 13th of October, I wrote a post about insecure passwords, some password manager solutions, and something called “Squirrel” or SQRL – Secure QR Login. You can read the original post by clicking on the QR code in this post. Think about it. you could log in very securely by scanning the QR code with a SQRL App, by clicking the QR code, or by touching it if you're using a mobile device.
Since it was first proposed by its inventor Steve Gibson, a lot has happened in the SQRL development space.
You may remember a few of the advantages of this proposed system…
- No usernames or passwords to worry about.
- No hands on the keyboard. Great for avoiding apps that could log your keystrokes.
- You only need to remember your SQRL ID. Good-by to lists of usernames and passwords..
- NO WAY to link one person across sites based only on the generated website ID.
In a newsgroup at grc.com, there have been over 3000 comments. W3C and Steve are talking about how this very secure method of logging into a website can be implemented and deployed. Various other groups are also working on developing SQRL into a real thing we all could use to replace passwords and have very good security. Like I said before, I'd like to use this now, but this idea is still in its infancy.
Gibson's idea solves nearly all problems we all have logging into our websites. Rather than explaining the system all over again, here's a website, published by Ben Cooper, that does a beautiful job of showing you how SQRL can work. Find Ben's site at SQRL.pl
This is a short update, but if you're interested in rock solid security like I am, make some time to look into SQRL. And if you know someone you think would be interested in SQRL, please share this post with them. Let's fan the flames of interest so we can start using SQRL sooner instead of later.