SQRL Definition

Howard Poston
Oct 19, 2023
SQRL Definition

The term SQRL (which stands for Secure, Quick, Reliable Login) refers to an open standard that was proposed in 2013 by Steve Gibson for a more secure system of online authentication. The main goal of SQRL is to offer the end-user a secure way to log into a website or an application without revealing information to a third party such as the company behind the website.

Compared to the traditional system which is based on credentials and passwords, SQRL does not rely on passwords and therefore is more secure and resistant to brute-force attacks. The reason for such increased security is that, for each single login attempt there is a new nonce that is generated randomly.

SQRL utilizes zero-knowledge proof algorithms and therefore does not reveal any information about the user in the login process. This is done through a combination of public and private cryptographic keys, with the former being used by the user to sign a a random nonce that is generated every time, and the latter being used by the website to verify the signature of the user and authorize the authentication.

SQRL is a great standard when it comes to protecting against the following attacks:

  • Brute-force attacks, thanks to the asymmetric cryptography that is used in SQRL
  • Password spraying, since a random nonce is generated for every login
  • Session hijacking, because cryptography is used in SQRL
  • Credential stuffing, since the credentials are not stored on the website’s servers but on the user’s device
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Interested In
Next-Gen MFA?

Discover Multi-Pass enterprise passwordless authentication

Share the page: