I know I mentioned that I was feeling squirrelly, but now I think I may have gone off the deep end. I stripped back the system a bit, eliminated a useless set of Facebook, Twitter, Steam, and other login mechanisms and dropped in SQRL. If you’re not familiar and are a super-nerd like me, head on over to GRC.com and check out SQRL. Its an amazing piece of “simple” tech that solves a very real problem with security.
The simplest summary is this: The current internet password system (that fails us so frequently) is based on you coming up with an amazing, super-fantastic “password” and you tell it to your bank, under the premise that you can trust them to not tell anyone.
Three may keep a secret, if two of them are dead.-Benjamin Franklin
The problem is trust. You don’t actually know that they are keeping it secret. And, unfortunately for us, the adage, “dead men tell no tales” doesn’t apply to the internet, the dark web or whatever other term there is for the seedy underbelly of the internet.
So how do we trust someone in an age where we can’t actually know that they are keeping my secret, and millions of others, safe? Especially when the bank’s list of secrets, collected in a single database, is such a juicy target?
Lets go backwards about 100 years, to the mobster days of rum-running during prohibition. How did the gangsters really know who they could trust? They started with family. People they know intuitively and recognize on sight. That is the functional equivalent of a fingerprint of an identity.
Consider this, you know you mother, but can you describe her in a way that a complete stranger could pick her out of a crowd?
Uhh, she’s blond. Mostly. Kind of a sandy blond. Wait, she got highlights. I think its more platinum. You’ll just know her when you see her.
That unconscious knowledge is how we know family and friends instantly, and how we have a nagging feeling of knowing classmates 20-30 years later. Imagine being able to summarize that complicated “knowing” of yourself and hand that someone. Now imagine they can deterministically repeat the process of identifying you with that rubric.
At this point, to the business you shared that “fingerprint” with, you have become Norm from Cheers.
That’s right everybody knows your name. They don’t have any secrets, they just know YOU. That’s the best part of the tech. Your secret? Its you! Its a bit more complicated, and there’s some real crazy science going on, but that’s the short version.