Steve Gibson explains SQRL


Post by FlyingPenguin »

Interesting video of Steve Gibson explaining his SQRL password-less web login system at the Digi-Cert Security Conference.

It allows you to securely and conveniently log in to a website without a user name or password (although there is an option to support a traditional login as a secondary). Unlike other proposed standards, this one keeps all the credentials on your device (not a 3rd party) so there is no way they can be stolen if the server is hacked, and does not require you to create a user account and . It can be easily incorporated into any website, VPN service or corporate Intranet. All you would have to do is point your phone camera at a QR code on a web page to log in.

Identification vs Authentication: SQRL-enabled websites have only your unique SQRL ID to disclose, and it is useful only to that single site since every user's SQRL ID is automatically unique for every site they visit. There need not be any username or password for sites to have compromised, lost or stolen. Your SQRL ID does not authenticate your identity, it only identifies you to that single website. Authentication requires the SQRL smartphone app to cryptographically sign a long random number and return it with your SQRL ID (your public key). Thus, even if a hacker were to obtain your stored SQRL ID, it is useless for impersonating you—even to that one site—because the private key required to create the signature never leaves your smartphone.

If implemented properly it would do away with the hassle of having to create a different user login for each website.

It's been vetted by security experts like Bruce Schneier. The HTML standards committee was looking into the possibility of incorporating it into HTML, although that's not necessary to use it now.

Steve's made the standard and any code he's written public domain, and he's just finished the server and client side code. Someone has written an Android app and someone else is working on an iOS app. It would be nice if this became commonplace.

More info: https://www.grc.com/sqrl/sqrl.htm

Video: http://twit.tv/show/security-now/487
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez
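
The identification-versus-authentication split described in the post above, as an added Go sketch that is not part of the original post and is not Steve Gibson's code. It assumes the per-site key is derived as HMAC-SHA256(master secret, site domain) used as an Ed25519 seed; the function names and the sample master secret are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// siteKey derives a per-site Ed25519 key pair from a device-held master secret.
// Assumption: HMAC-SHA256(master, domain) is the 32-byte seed, so every site sees a different ID.
func siteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// newChallenge is the server side: a long random number, fresh for every login attempt.
func newChallenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// clientLogin is the device side: it returns the site-specific ID (public key) and a
// signature over the challenge. The private key never leaves this function.
func clientLogin(master []byte, domain string, challenge []byte) (ed25519.PublicKey, []byte) {
	pub, priv := siteKey(master, domain)
	return pub, ed25519.Sign(priv, challenge)
}

// serverVerify accepts a login only if the signature over this server's own challenge
// verifies under the ID it has stored for the user.
func serverVerify(storedID ed25519.PublicKey, challenge, sig []byte) bool {
	return len(storedID) == ed25519.PublicKeySize && ed25519.Verify(storedID, challenge, sig)
}

func main() {
	master := []byte("constructed-demo-master-secret-0") // constructed sample value
	c := newChallenge()
	id, sig := clientLogin(master, "example.com", c)
	fmt.Println("login ok:", serverVerify(id, c, sig))
	fmt.Println("old signature on new challenge:", serverVerify(id, newChallenge(), sig))
	otherID, _ := siteKey(master, "example.org")
	fmt.Println("same ID on another site:", id.Equal(otherID))
}
```

A server that is breached leaks only the stored public keys, and those neither verify at another site nor produce a valid signature over a fresh challenge.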

Post by Executioner »

Wow, can't wait for it to come into play. Long overdue.
Post by normalicy »

That's nice.