Re: Secure login: A replacement for passwords, tokens and everything else

by Madfish on 2013/10/4 15:00:34

Sort of. The long random number is a cryptographic challenge. You authenticate by signing the number with your public key (which is effectively your ID) and sending it back to the server. If the signature is valid it knows to let you in.

The phone app reads the data out of the QR code (random number, URL for processing login requests), signs it and sends it off for verification. The app also handles creation and management of site-specific keys.
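
The exchange described in this post, as an added example that is not part of the original post or of the project's own code: a server issues a random challenge plus login URL (the QR contents), the app signs it with a site-specific Ed25519 private key, and the server checks the signature against the public key registered for that user. The JSON payload layout, the function names and the `example.test` URL are assumptions made for illustration.

```javascript
// Added illustration: payload layout and all names are assumptions, not project code.
const crypto = require('node:crypto');

const pending = new Map();     // server: nonce -> { url, expiry } for outstanding challenges
const registered = new Map();  // server: userId -> public key learned at enrolment
const siteKeys = new Map();    // app: site origin -> key pair (one key per site)

// Server: issue a one-time challenge; the returned string is what the QR code carries.
function issueChallenge(loginUrl, now = Date.now(), ttlMs = 60000) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { url: loginUrl, expiry: now + ttlMs });
  return JSON.stringify({ nonce, url: loginUrl });
}

// App: create or fetch the key pair used for this site only.
function keyFor(origin) {
  if (!siteKeys.has(origin)) siteKeys.set(origin, crypto.generateKeyPairSync('ed25519'));
  return siteKeys.get(origin);
}

// App: read the QR payload and sign nonce + URL with the site-specific private key.
function answerChallenge(qrPayload) {
  const { nonce, url } = JSON.parse(qrPayload);
  const { privateKey } = keyFor(new URL(url).origin);
  const signature = crypto.sign(null, Buffer.from(`${nonce}|${url}`), privateKey);
  return { nonce, signature };
}

// Server: accept only a fresh, unused nonce signed by the key registered for the user.
function verifyLogin(userId, { nonce, signature }, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce);                         // single use, even when the check fails
  if (!entry || now > entry.expiry) return false;
  const publicKey = registered.get(userId);
  if (!publicKey) return false;
  return crypto.verify(null, Buffer.from(`${nonce}|${entry.url}`), publicKey, signature);
}

// Constructed demo: enrol a user, log in once, then replay the same response.
registered.set('alice', keyFor('https://example.test').publicKey);
const demo = answerChallenge(issueChallenge('https://example.test/login'));
console.log(verifyLogin('alice', demo), verifyLogin('alice', demo));
```

The server signs nothing and stores no secret for the user; deleting the nonce on first use is what makes a captured response useless for replay.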