Security

5014 readers

8 users here now

Confidentiality Integrity Availability

founded 4 years ago

MODERATORS

gary_host_laptop@lemmy.ml

Maybe Passwords are the Future (kevincox.ca)

submitted 2 years ago by kevincox@lemmy.ml to c/security@lemmy.ml

7 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] brombek@lemmy.ml 3 points 2 years ago (2 children)

SQRL is solving lot's of these problems without needing to keep state (there is no per-site state) in sync: https://sqrl.grc.com/pages/what_is_sqrl/

[–] ksynwa@lemmy.ml 2 points 2 years ago (1 children)

This seems like it requires websites to allow using sqrl identities. Is that correct?

[–] brombek@lemmy.ml 1 points 2 years ago

yes, they have to keep 2 more tokens (or so) and add support

[–] kevincox@lemmy.ml 1 points 2 years ago (1 children)

I can't find any technical information on that site. Just reading it makes it sound basically like an SSO solution except the third party is software you run or some cryptography instead of a third party. However I would like to read the technical details.

[–] brombek@lemmy.ml 1 points 2 years ago

No, it does not require a login portal or so. All you need to do is to support it on the website and it requires client side software (e.g. Android application) but that does not require any data sync after it is set up. It does not replace SSO, just the use of password to log in.