by Clay Calvert
How often do we hear news reports of yet another site being hacked and thousands, even millions, of passwords being compromised? A quick visit to the Have I Been Pwned? website – a free resource to assess whether you may be at risk due to an online account being compromised or “pwned” in a data breach – shows over 8.5 billion compromised accounts in its database alone.
The main problem with traditional authentication mechanisms is that the passwords and associated accounts must be stored somewhere. All too often, hackers can access and extract that stored data.
The good news is that after five years in development, an authentication mechanism unencumbered by intellectual-property restrictions has been released that doesn’t depend on a database of usernames and passwords. Secure Quick Reliable Login (SQRL) uses a clever method to identify unique users. In short, users create a unique 256-bit identity and then hash that value with the URL of the site being visited to create a unique site/user public key for authentication. The only password needed is the one the user enters to log into their own instance of SQRL. Servers do not store any credentials that can be compromised.
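A simplified sketch of the derivation described above, added here as an illustration and not taken from the SQRL project's code. It assumes HMAC-SHA256 keyed with the identity as the hashing step and Ed25519 as the signature scheme; the function names, domains and nonce are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// siteKey derives a per-site Ed25519 key pair from the 256-bit identity and
// the site's domain. Assumption of this example: HMAC-SHA256 keyed with the
// identity is the "hash with the site" step, and its output is the key seed.
func siteKey(identity []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, identity)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// clientLogin signs the server's challenge with the key for that domain.
func clientLogin(identity []byte, domain string, challenge []byte) (ed25519.PublicKey, []byte) {
	pub, priv := siteKey(identity, domain)
	return pub, ed25519.Sign(priv, challenge)
}

// serverVerify needs only the public key stored at enrolment, never a secret.
func serverVerify(stored ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(stored, challenge, sig)
}

// demoIdentity returns a constructed, fixed identity for this demo only;
// a real identity would be 32 bytes from a cryptographic random source.
func demoIdentity() []byte {
	id := sha256.Sum256([]byte("constructed demo identity"))
	return id[:]
}

func main() {
	id := demoIdentity()
	challenge := []byte("constructed-nonce-1")
	pubA, sig := clientLogin(id, "site-a.example", challenge)
	pubB, _ := clientLogin(id, "site-b.example", challenge)
	fmt.Println("site A accepts:", serverVerify(pubA, challenge, sig))
	fmt.Println("site B accepts A's signature:", serverVerify(pubB, challenge, sig))
	fmt.Println("same key at both sites:", pubA.Equal(pubB))
}
```

Because each site sees a different public key, a dump of one site's user table yields nothing that authenticates elsewhere, and the keys from two sites cannot be matched to the same user.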
Note that SQRL does not yet have wide adoption and it does require some individual responsibility. Still, this authentication mechanism has great potential for users who are highly concerned about security.
To read more about how SQRL works, go to: https://grc.com/sqrl