from the but-the-nsa-owns-your-phone dept.
fsagx writes "Steve Gibson has proposed a new standard method for website authentication. The SQRL system (pronounced 'squirrel') eliminates problems inherent in traditional login techniques. The website's login presents a QR code containing the URL of its authentication service, plus a nonce. The user's smartphone signs the login URL using a private key derived from its master secret and the URL's domain name. The Smartphone sends the matching public key to identify the user, and the signature to authenticate it. It may be used alongside of traditional username/password to ease adoption."
Top Ten Things Overheard At The ANSI C Draft Committee Meetings:
(7) Well, it's an excellent idea, but it would make the compilers too
hard to write.