W3C home > Mailing lists > Public > public-rww@w3.org > October 2013

Interesting use of QR codes for passwordless authentication.

From: Andrei Sambra <andrei.sambra@gmail.com>
Date: Tue, 8 Oct 2013 11:02:12 +0200
Message-ID: <CAFG79ejkB7gn=MChOeHWj+hBGjc2Dp21k_LEwUqVjUcKXOGykQ@mail.gmail.com>
To: "public-rww@w3.org" <public-rww@w3.org>, public-webid <public-webid@w3.org>
>From https://www.grc.com/sqrl/sqrl.htm :

"The website's login presents a QR code containing the URL of its
authentication service, plus a nonce. The user's smartphone signs the login
URL using a private key derived from its master secret and the URL's domain
name. The Smartphone sends the matching public key to identify the user,
and the signature to authenticate it."

While it does replace classic username/password authentication, it does not
allow you to provide additional information (e.g. photo, name/nick, etc.).
Still, maybe worth investigating in the scope of WebID.

Best,
Andrei
Received on Tuesday, 8 October 2013 09:03:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:10:43 UTC