RFC: SQRL Login
509 sats \ 7 comments \ @g4ala 7 Nov 2021 bitcoin

Secure Quick Reliable Login
A highly secure, comprehensive, easy-to-use replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else.
Logging into any website usually requires a user to give up some private information, such as an email address and implied trust placed on said website to keep the user data secure. SQRL cuts through all of that. In the same way as Bitcoin has TNO (Trust No One) built-in, so does SQRL.
This, from the linked document...

What is SQRL?
SQRL (pronounced “squirrel”) is an open, free, intellectual property unencumbered, complete and practical system to cryptographically authenticate the identity of individuals across a network. Though principally intended for website visitor identification and account sign-in, its concepts may be extended for related applications. SQRL may be used alongside other traditional website sign-in systems, and it can replace all other systems while offering dramatic improvements in usability and security.
Though designed and intended to be a two-party solution – website visitor to website – if needed, SQRL can also be used in a federated third-party mode to provide centralized identity management services to websites (e.g. login.gov).
Link to the SQRL page
write
preview
related posts
0 sats \ 0 replies \ @premitive1 11 Dec 2022
I wish this post would have had more attention
reply
0 sats \ 5 replies \ @k00b 7 Nov 2021
This appears to be another public key authentication system - like lnurl-auth. Based on the length of the document, there's a lot more going on though. I'm not sure what.
Protocols like these tend to suffer from a chicken and egg problem and a marketplace making problem which is why they don't ever seem to take off. I like using my lightning key-pair because I'm using it otherwise, I have incentive to maintain it outside of using it login.
reply
138 sats \ 0 replies \ @premitive1 11 Dec 2022
It was built not unlike bitcoin, with a FOSS ethos and methodology. Sometimes I wonder if Steve Gibson isn't Satoshi.
reply
1 sat \ 3 replies \ @g4ala OP 7 Nov 2021
I know nothing about the development behind lnurl-auth On the other hand, I know a good deal about the development behind SQRL, having followed the project from its inception. I've followed the work of Steve Gibson for decades and I know that his work is flawless, but that's by-the-by.
I'm not suggesting that SQRL be implemented as a replacement, but as an alternative, especially as an alternative to email, GitHub and Twitter log-ins.
Thanks for looking at this in any case, even if it's dismissed.
reply
0 sats \ 2 replies \ @k00b 7 Nov 2021
I'm not dismissing it - simply questioning the value prop over lnurl-auth. If you want to advocate for SQRL by enumerating it's virtues, I'm all ears. I only briefly looked at the docs.
reply
138 sats \ 0 replies \ @premitive1 11 Dec 2022
SQRL doesn't require a lightning wallet. I've been wondering about the comparison for a few days now because LNURL-Auth sounds very similar to SQRL, but it requires a lightning wallet first.
reply
1 sat \ 0 replies \ @g4ala OP 7 Nov 2021
Fair enough, but all I can do is to encourage you to look into SQRL in some detail. Given your technical knowledge, which, just from what I see here, I can tell is way superior to mine, I'm sure that you'd realise what SQRL is about and the value it has to offer - if I tried to explain it, there's every possibility that I'd get something wrong.
Yes. it's new and yes there's not been so much uptake, but as with anything new, there needs to be a starting point and the more that website operators are exposed to SQRL, the more I believe it will be implemented.
It's time consuming, I understand that, and it's not going to be a high priority, but maybe you could give it due consideration as this site moves forward.
reply