by Clay Calvert
How often do we hear in the news about yet another site being hacked and thousands, even millions, of passwords being compromised? A quick visit to https://haveibeenpwned.com shows over 8.5 billion compromised accounts in its database alone. The main problem with traditional authentication mechanisms is that the passwords – and associated accounts – must be stored somewhere. All too often hackers can extract that stored data.
The good news is that an intellectually unencumbered authentication mechanism has been released after five years in development. It doesn’t depend on a database of usernames and passwords. The Secure Quick Reliable Login (SQRL) employs a clever method to identify unique users. In short, a user creates a 256-bit unique identity and then hashes that value with the URL of the site being visited. The result is a site/user public key for authentication. Users then only need to log into their own instance of SQRL. The servers do not need to store any credentials that can be compromised.
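The derivation described above, as an added Go example that is not SQRL's own code and not part of the original article. It assumes HMAC-SHA256 keyed with the identity over the site's domain (standing in for the URL) and an Ed25519 key pair, neither of which this page names; the function names and sample values are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// siteKeyPair derives a per-site key pair from the user's 256-bit identity.
// Assumption: HMAC-SHA256 keyed with the identity, applied to the site's
// domain, gives a 32-byte seed that is expanded into an Ed25519 key pair.
func siteKeyPair(identity []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, identity)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// login is the client side: it signs the server's challenge with the key
// derived for that one domain and presents the matching public key.
func login(identity []byte, domain string, challenge []byte) (ed25519.PublicKey, []byte) {
	pub, priv := siteKeyPair(identity, domain)
	return pub, ed25519.Sign(priv, challenge)
}

// serverAccepts is the site's check. The site holds only the public key
// stored at enrolment, never a password or the identity itself.
func serverAccepts(stored, presented ed25519.PublicKey, challenge, sig []byte) bool {
	return bytes.Equal(stored, presented) && ed25519.Verify(stored, challenge, sig)
}

func main() {
	identity := bytes.Repeat([]byte{0x42}, 32)        // constructed sample identity, not a real key
	challenge := []byte("constructed-nonce-1")        // a real server issues a fresh random value
	stored, _ := siteKeyPair(identity, "example.com") // what the site keeps at enrolment
	pub, sig := login(identity, "example.com", challenge)
	other, _ := siteKeyPair(identity, "example.org")

	fmt.Println("login accepted:", serverAccepts(stored, pub, challenge, sig))
	fmt.Println("signature reused on a new challenge:",
		serverAccepts(stored, pub, []byte("constructed-nonce-2"), sig))
	fmt.Println("same key at another site:", bytes.Equal(stored, other))
}
```

Because each site holds only its own per-site public key, a dump of one site's database yields nothing that can be replayed there or matched against the user's key at another site.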
Note that SQRL is not widely adopted yet, and it does require some individual responsibility. Still, this authentication mechanism holds great potential for future solutions where security is a top concern. To read more about how SQRL works, visit https://grc.com/sqrl.