|Backup and safely store your SQRL identity and its Rescue Code.|
As SQRL becomes increasingly available for website sign-in, your investment in SQRL will grow. As long as you have safely backed up your SQRL identity and its Rescue Code just once at the start, you will be protected from anything that might happen. So just do it once. Do it now.
|NEVER use an unknown SQRL app. ONLY use known trusted apps.|
You are trusting the SQRL apps you use to be properly written to protect your identity. Even if the app's author has the purest of intentions, writing highly secure software is a challenge. And there is no doubt that deliberately malicious SQRL apps will be created to steal their users' SQRL identities. The SQRL apps listed here have been written by people with known intentions and with the support of the SQRL developer and user community. If it's recommended here, we trust it and you can too.
|ALWAYS verify the website domain you are providing your identity for.|
SQRL's very powerful built-in anti-spoofing, anti-interception, anti-hacking technologies are only able to protect its users when they use the "Click to Sign in with SQRL" button on the web browser where they are signing in. In this case, we believe that SQRL's security protections cannot be bypassed.
Unfortunately, these protections cannot be provided when scanning a SQRL QR code with a smartphone to sign in to a web browser on another computer or device. There is a very great danger that a malicious website might display a QR code for a different website than the one you believe you are signing in to. This would allow them to impersonate you. This can be prevented if you always verify the web domain being displayed on your SQRL app BEFORE you approve the sign in. It's a habit that will protect you. PLEASE ALWAYS CHECK!