TeamDesk Knowledge Base & Support

   Home      FAQ      Forum      Idea Exchange      Ask a Question      My Stuff      Help   
  
SQRL Secure QR Login - no annoying account creation
Teamdesk team should review this alternative login method to supplement existing. It is only weeks old, but well received by nationwide encryption and security experts, and very promising. Heard about it on TWIT - Tech Guy days ago. Could change everything for us on the internet.

Summary:

The SQRL system (pronounced “squirrel”) revolutionizes web site login and authentication. It eliminates every problem inherent in traditional login techniques.

https://www.grc.com/sqrl/sqrl.htm

No annoying account creation: Suppose you wish to simply comment on a blog posting. Rather than going through the annoying process of “creating an account” to uniquely identify yourself to a new website (which such websites know causes them to lose valuable feedback traffic), you can login using your SQRL identity. If the site hasn't encountered your SQRL ID before, it might prompt you for a “handle name” to use for your postings. But either way, you immediately have an absolutely secure and unique identity on that system where no one can possibly impersonate you, and any time you ever return, you will be immediately and uniquely known. No account, no usernames or passwords. Nothing to remember or to forget. Your SQRL identity eliminates all of that.
ID
682
Category
User Experience
Author

Sam Parish
Date Created
10/9/2013 9:25:00 PM
Date Updated
11/29/2022 8:08:10 PM
Status
New Idea
Score
40
Promoted By
basenineRick CogleyJoshua Mullins
Sam Parish
Comments
Joshua Mullins 10/17/2013 4:32:05 AM
This could work quite well however users would still need to be given access to the individual applications they need to access.
Rick Cogley 11/23/2022 1:35:00 AM
This is a very old post, but, along these lines the recently-becoming-popular "passkeys" might be an interesting technique for Teamdesk to consider when implementing a more security login method for the native login database.

Read about it here:
https://www.passkeys.io/

A directory of sites that use it (not so many yet):
https://passkeys.directory/
basenine 11/29/2022 8:08:10 PM
Maybe this is related....maybe not:

A couple of weeks ago I created a self sign on Web2Record which is initiated by scanning a QR code.
It captures Email, FirstName, LastName, Telephone and has a hidden User field.
I set the hidden user field to default to the ToUser([EMAIL]) function. If there's a match (via a lookup to the Properties Table), it'll populate all the other fields (and dynamically set the fields to ReadOnly).
If there's no match, the 'new' user fills out the complete form and submits.
Behind the scenes, using the self registration URL...:
<%URLRoot()%>&'/api/v2/<%AppId()%>/setup/user.json?email='&<%=[EMAIL]%>&'&role='&<%"SUB CONTRACTOR"%>&'&defaultset=false&external=true&invite=true'
I created a workflow to initiate this if the (hidden) user field was empty.
TeamDesk fires off an email to the new user asking them to complete their registration.

The new user is now locked into that application and next time they scan the code and they enter their email, they are recognised as a current user, so they hop straight in on Submit...if they haven't signed out...

There's kind of elements of the idea in what I dev'd up, but I agree with Rick regarding the passkeys initiative for the actual secure login is the way forward.
Feedback
 
Back to Search Results