How do Apple PassKeys compare to SQRL?


jpmh

New member
Jun 6, 2022
2
0
Apple is announcing PassKeys this week, coming to their platforms this year, and it looks to have some similar capabilities & features to SQRL. I hope someone following the developer news this week who also has deep knowledge of SQRL could compare & contrast them for the forums.
 

PHolder

Well-known member
May 19, 2018
207
45
PassKeys is part of an overall push for FIDO [2]. FIDO has its own benefits and challenges... losing a physical key is much easier than losing a software one... and needing more than one means every site needs to allow a user to have multiple. (Not that SQRL didn't face this challenge too, and invented an optional solution for those few sites and services that need it.) The biggest difference between the two is who is support what... SQRL is still challenged by not having garnered any support.
 
  • Like
Reactions: Steve and ppporch

Steve

Administrator
Staff member
May 6, 2018
173
70
www.grc.com
... And I talked about it again, this (#875) week.

I think that I finally made the differences between SQRL and FIDO2 (passkeys) much more clear: FIDO2 is a replacement (a very good replacement) for traditional username/password logon. With FIDO, rather than the user and a website needing to share and keep secrets, only the user needs to keep secrets. SQRL provides that as well, with a similar security level. But SQRL additionally goes much farther to address many other common needs, edge cases and recovery for practical remote account access.
 
  • Like
Reactions: fcgreg and cdstelly

Spinn

New member
Jun 16, 2022
1
0
This is the part that give me hope:

But WebAuthn is the key. It provides a complete replacement for the insecure mess of usernames and passwords. And, interestingly, WebAuthn optionally supports SQRL’s chosen 25519 elliptic curve, with its special properties that allow for non-random deterministic private key synthesis. So it might be possible, someday in the future, to transparently run a modified SQRL solution to use SQRL-style deterministic passkeys on the server infrastructure that FIDO built.
 

Jeffa

Well-known member
May 20, 2018
58
29
... And I talked about it again, this (#875) week.
FWIW @Steve I certainly see a direct correlation between you mentioning SQRL in the podcast and activity here and in my little dev community.

You talking about SQRL with your audience really helps even if your focus is, rightly, elsewhere.

Even if you only find a few minutes to speak about SQRL now and again on the podcastI am sure it will help keep it in the minds of the right people.
 
  • Like
Reactions: Steve and Dave

Steve

Administrator
Staff member
May 6, 2018
173
70
www.grc.com
FWIW @Steve I certainly see a direct correlation between you mentioning SQRL in the podcast and activity here and in my little dev community.

You talking about SQRL with your audience really helps even if your focus is, rightly, elsewhere.

Even if you only find a few minutes to speak about SQRL now and again on the podcastI am sure it will help keep it in the minds of the right people.
That's good to know and hear, Jeff! Yay!
 
  • Like
Reactions: cdstelly