Re: Secure login: A replacement for passwords, tokens and everything else

Posted by Madfish on 1380924034
Sort of. The long random number is a cryptographic challenge. You authenticate by signing the number with your public key (which is effectively your ID) and sending it back to the server. If the signature is valid it knows to let you in.

The phone app reads the data out of the QR code (random number, URL for processing login requests), signs it and sends it off for verification. The app also handles creation and management of site-specific keys.

This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=5550&post_id=48966