This is a very thorough overview of SQRL by its creator.
It looks like a very interesting system. I particularly like:
- The entire state of a client can be saved in a QR code.
- Each new service gets its own public key. Really good explanation of how EC curves allow this in that part of the presentation.
- Using profile names as a kind of password is an interesting idea.
What I’m not sure about is:
- Can most people understand the difference between their master password and recovery code?
- Sites accepting SQRL are potentially going to have to build their own recovery infrastructure.
- Is the user experience good enough for logins that don’t have high security requirements?