DEV Community

Discussion on: The Password Struggle

Collapse
keptoman profile image
mlaj

SQRL looks cool if it gets adopted widely. Still sad that it can't do cross device tho.

The person that will manage to free us from password safely will become a god.

Collapse
cristinaruth profile image
Cristina Ruth Author

Oh definitely! That person/company will make big $$$.

I tried a quick google on SQRL but found too much text. Could you give a high-level summary of what it does?

Collapse
keptoman profile image
mlaj • Edited on

en.m.wikipedia.org/wiki/SQRL

"SQRL (pronounced "squirrel")[3] or Secure, Quick, Reliable Login (formerly Secure QR Login) is a draft open standard for secure website login and authentication. The software typically uses a link of the scheme sqrl:// or optionally a QR code, where a user identifies via a pseudonymous zero-knowledge proof rather than providing a user ID and password. This method is thought to be impervious to a brute force password attack or data breach."

It's like 2FA mixed with OAUTH on steroids for everything, without a third party.

Basically you have to have the app/software on your device to be able to use it. You only need to remember your master password, and theoretically any other login would be made using SQRL.
The inventor also added a few different ways to get your account back if it gets hacked or stolen.

A good idea on the surface, but the main problem is that it needs to be used almost everywhere for it to be worth it. Still a very good idea tho.