On October 2, 2013, Steve Gibson of Gibson Research Corporation announced a proposal that for some people could mean an internet experience free of user names and passwords.
Secure Quick Reliable Logon (SQRL) – pronounced squirrel – is a framework for using Quick Response (QR) codes as a standard vehicle for securely communicating login credentials online. The proposal as outlined has the potential to eliminate the need for many people to continue using logon names and passwords as they surf the internet.
Readers please note my liberal use of “could” and “might” rather than “will” in this column because this proposal is only under consideration and no standards are yet finalized. The idea really has captured the attention of web site developers and security experts such that the idea has gained much momentum in the few short weeks since it was unveiled.
Imagine this scenario: While surfing the internet you open a web site requiring a login using your name and password. You could simply point your smart phone to the QR code on the page, snap, and immediately your phone sends the web site your username and password and you are securely logged in to the web site. If you do not have an account with this site, your smart phone could set up one for you by making up a username and unique password. Best of all, the proposed system could work with any individual computer, smart phone, tablet or many other personal computing devices.