Interesting use of QR codes for passwordless authentication. from Andrei Sambra on 2013-10-08 (public-webid@w3.org from October 2013)

From: Andrei Sambra <andrei.sambra@gmail.com>
Date: Tue, 8 Oct 2013 11:02:12 +0200
To: "public-rww@w3.org" <public-rww@w3.org>, public-webid <public-webid@w3.org>
Message-ID: <CAFG79ejkB7gn=MChOeHWj+hBGjc2Dp21k_LEwUqVjUcKXOGykQ@mail.gmail.com>

>From https://www.grc.com/sqrl/sqrl.htm :

"The website's login presents a QR code containing the URL of its
authentication service, plus a nonce. The user's smartphone signs the login
URL using a private key derived from its master secret and the URL's domain
name. The Smartphone sends the matching public key to identify the user,
and the signature to authenticate it."

While it does replace classic username/password authentication, it does not
allow you to provide additional information (e.g. photo, name/nick, etc.).
Still, maybe worth investigating in the scope of WebID.

Best,
Andrei

Received on Tuesday, 8 October 2013 09:03:01 UTC