Looks like overcomplicated authentication with TLS client certificate, for some reason brought on application level.
Websites now store only public data indeed, but confidential data is pushed to client devices, which may be even more vulnerable than the original service (and often are).
On the other hand, if implemented correctly, such approach may be more flexible than web server settings.
It is complicated for sure and I think one of the problems is currently the clients for SQRL are pretty bad (I've tried them all, maybe I'm just picky)
However it's very questionable regarding the per device security.
Keep in mind a lot of people manage more and more of their life through their devices so more security is being pushed on to individual devices, however 3rd party websites and services have little to no oversight that they are actually doing the correct job and keeping peoples data secure.
Just look at https://haveibeenpwned.com/ for a vague idea of how bad security is still handled by service providers.
