For signing a laptop/desktop computer into websites without a 3rd party, which also means this makes more sense built-in than as a webapp: Firefox OS takes a picture of the QR code and signs the sqrl: protocol URL in that code using a private key derived from its master secret and the URL's domain name, then sends the matching public key to the site identifying the user with a signature to authenticate it. The sqrl: protocol could also be registered within Firefox OS so a link can just be tapped for the same sign in on the phone itself, but this could be split into a separate bug. Secure QR Login looks to be presented to the W3C as a standard soon, meanwhile this could be implemented experimentally behind a pref.
Documentation for this could borrow from the illustrated guide at http://sqrl.pl/
Severity: normal → enhancement
You need to log in before you can comment on or make changes to this bug.