Your wallet takes your node keypair + the domain name (stacker.news) = keypair unique to stacker news
When you scan the QR code, it sends your wallet a “secret” which is just a big random number
Your wallet takes the secret and cryptographically signs it with the key from (1)
Your wallet sends the signature to SN
These steps happen every time you login, and while the secret will be different each time, your keypair from (1) is the same. So, your keypair is your identity and the signature (3) proves you “own” that identity. If you don’t have the keypair you can’t produce the same signature.
Basically
These steps happen every time you login, and while the secret will be different each time, your keypair from (1) is the same. So, your keypair is your identity and the signature (3) proves you “own” that identity. If you don’t have the keypair you can’t produce the same signature.