This synopsis is a guest post by Matt Hucke (@matthucke), a developer at AutoAccessoriesGarage.com and one of the first people I met this year at Windy City Rails! It covers Justin Love’s talk on SQRL.
Shared secret password security is “rotten at its core”.
With a memorable image involving monkeys sharing far too much, Justin Love (@wondible) exposed the fundamental problems of typical web site password setups. What we want in an effective authentication system, he says, is unique identities, not reused from site to site, to protect us from the inevitable breaches that are far too frequent these days. A hack of Target or iCloud should not result in our email accounts also being compromised – for users will reuse passwords across sites, no matter how often we tell them not to.