SQRL (Secure Quick Reliable Login) is getting close to release.


https://www.grc.com/sqrl/sqrl.htm 

 

 

In the video above he is showing how you can use a SQRL client on a smartphone (or tablet) to take a picture of a SQRL code being displayed on a computer screen (you can also tap a SQRL code on a website in a smartphone browser). They are then prompted for the SQRL password on their smartphone or tablet. After correctly entering it they are logged in on the computer. This is a scenario where you would be using a public computer but would never want to enter your credentials into the machine.

 

 

On a Windows desktop, you simply click on the SQRL code and you are prompted with a password.

 

[Image: 42193164622_2857b61817_c.jpg]

 

Steve Gibson is now getting the forum up and going. I already registered there. If you would like to play with SQRL and see what it's all about you can download the Windows client by going to 

 

https://www.grc.com/dev/sqrl.exe for Windows.

 

There is also an Android Client in the works.

 

https://play.google.com/store/apps/details?id=org.ea.sqrl

 

Looks like he fixed the bug. So now you can create an account on the GRC SQRL client first if you want.

 

Here are the general basics of SQRL. You create an SQRL account using an SQRL client and create a password (although it's not required, it does prevent someone from using your SQRL ID if they somehow get hold of it). Websites that you create an account on using SQRL have no secrets to keep. That is to say, if a site is hacked, the information they obtain is only a bunch of public keys, which are worthless without the private key in the person's SQRL identity.

 

Download it and play with it. Will it get adopted? No idea, I hope so because I really like the idea. Steve is also obviously going to be incorporating SQRL as a login option once his forum is open to the public.

Link to comment
Share on other sites
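The "sites have no secrets to keep" point from the post above, as an added example (not part of the original post and not code from the SQRL project). It is a simplified model rather than the SQRL wire protocol: it assumes the per-site key is an Ed25519 key seeded with HMAC-SHA256 of the domain under the identity key, and `respond`, `Site` and the `.example` domain are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// respond is the client side: derive this site's key pair from the identity
// master key (seed = HMAC-SHA256(master, domain)) and sign the challenge.
func respond(master []byte, domain string, challenge []byte) (pub, sig []byte) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil)) // 32-byte seed
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, challenge)
}

// Site is the server side. Its account store holds public keys only.
type Site struct {
	Domain   string
	Accounts map[string][]byte // user -> Ed25519 public key
}

// Challenge returns the site's domain plus a fresh random nonce.
func (s *Site) Challenge() []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return append([]byte(s.Domain+"|"), nonce...)
}

// Login succeeds only if sig verifies under the stored public key.
func (s *Site) Login(user string, challenge, sig []byte) bool {
	pub, ok := s.Accounts[user]
	return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, challenge, sig)
}

func main() {
	master := []byte("constructed 32-byte sample key!!") // not a real identity
	site := &Site{Domain: "forum.example", Accounts: map[string][]byte{}}
	c := site.Challenge()
	site.Accounts["alice"], _ = respond(master, site.Domain, c) // registration
	_, sig := respond(master, site.Domain, c)
	fmt.Println("owner:", site.Login("alice", c, sig))
	_, forged := respond([]byte("attacker guess"), site.Domain, c) // no master key
	fmt.Println("attacker:", site.Login("alice", c, forged))
}
```

Everything in `Site.Accounts` could be published without letting anyone log in; the same identity key also yields a different public key for every domain.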

Well, since I've been on and off following this I went ahead and created an identity on my PC with the Windows client then the Android client and am hit with that bug you mentioned (wish I'd seen your post first...). Did you find a way around this? I also found that once in the Android client on that import or create screen, you can't back arrow out. The app just eats the back command so I'm forced to just hit the home key.

 

Now, about SQRL, I can say while the theory is good, I can't see many 'normals' setting up SQRL identities. I demonstrated the identity creation for my wife. She listens weekly with me to the podcast so she's been hearing about SQRL for a long time so she was understandably interested. All along I've said things like, "That SQRL just isn't going to fly" and she'd laugh. She is not one of 'us'. She is a regular PC user. Her reaction after watching the identity creation was, "Forget that. Way too much to do to get set up." I reflected on the process and while I thought it was intuitive, I also use a password manager and do regular backups. Like you, I am anything but a 'normal' and I'm afraid the people that most need this level of identity security are the ones most likely to be put off by its complexity. Steve always says it's a compromise between security and convenience. I think SQRL will encounter resistance because of this. It's NOT convenient.


7 minutes ago, Zag L. said:

Well, since I've been on and off following this I went ahead and created an identity on my PC with the Windows client then the Android client and am hit with that bug you mentioned (wish I'd seen your post first...). Did you find a way around this? I also found that once in the Android client on that import or create screen, you can't back arrow out. The app just eats the back command so I'm forced to just hit the home key.

 

Now, about SQRL, I can say while the theory is good, I can't see many 'normals' setting up SQRL identities. I demonstrated the identity creation for my wife. She listens weekly with me to the podcast so she's been hearing about SQRL for a long time so she was understandably interested. All along I've said things like, "That SQRL just isn't going to fly" and she'd laugh. She is not one of 'us'. She is a regular PC user. Her reaction after watching the identity creation was, "Forget that. Way too much to do to get set up." I reflected on the process and while I thought it was intuitive, I also use a password manager and do regular backups. Like you, I am anything but a 'normal' and I'm afraid the people that most need this level of identity security are the ones most likely to be put off by its complexity. Steve always says it's a compromise between security and convenience. I think SQRL will encounter resistance because of this. It's NOT convenient.

I spoke with the developer and he's going to fix it. Well, it may take a few minutes to set up; after taking 5 mins to set it up it's good forever. As long as you keep your identity printout safe.


Actually, I think I got it. When I imported my identity and scanned the code, I got the prompt 'Please choose a new password'. This was misleading. It went through a decrypting stage and I ended up at the SQRL menu but without an identity. It should have told me the password was incorrect or something - maybe that decryption failed, something. I just tried it again and instead of a 'new' password as the UI indicates, I entered my secure SQRL password and now it sets up correctly.


2 minutes ago, Zag L. said:

dentity and scanned the code, the prompt is for a 'new' password. This was misleading. It went through a decrypting stage and I ended up at the SQRL menu but without an identity. It should have told me the password was incorrect or something - maybe that decryption failed, something. I just tried it again and instead of a 'new' password as the

This is what it should look like if working properly.

 

[Image: 42279911252_63f06d8cca_c.jpg]

 

And this is what I see:

 

[Image: 28379783858_bdcfafb0de_c.jpg]


Appears he fixed the bug now with the Android client. So you can import from the GRC client directly into Android now.


  • 7 months later...

First Video Demonstration of SQRL working with the XenForo forums. Someone over there coded SQRL integration for the SQRL forums. It's not live but judging by the video it's getting close. They are waiting for the SQRL forums to support SQRL before releasing it publicly.

 

The developer said:

 


"Steve did most of the work by making the SSPAPI and providing me with a VM. Although I know some details about how SQRL works this integration required practically zero knowledge."

The delay after logging in is not caused by SQRL but by the forum itself, as an anti-bot measure.

 

https://media.grc.com/mp4/SQRL-XenForo-Demo.mp4


You can now log into or create an account on the SQRL forums using SQRL. So now you can install SQRL and play with it.

 

I converted my current account over to a SQRL login and logged in using SQRL... it was sooooo slick!

 

Have fun!

 

https://sqrl.grc.com/


The SQRL forums are currently undergoing maintenance, during which time you will not be able to sign up using SQRL.


  • 2 weeks later...

That acronym is way too close to SQL. Coincidentally, the letter 'R' happens to be in the same group order that it would fall under if the developers of SQL had wanted a longer acronym. Is it finalized? What about QSRL? And the word reliable being a part of the acronym itself...I just don't know. It seems like that quality should be a given in any standard.

 

In what sense is it reliable? The technology works? I'm not trying to be a negative Nancy or too critical but it never hurts to rethink these things just to be sure they make good sense. If/when the technology takes off there's little chance of going back and making changes.

Edited by TheGodOfKratos
Because I am not a computer, I'm a human that makes mistakes.

10 minutes ago, TheGodOfKratos said:

That acronym is way too close to SQL. Coincidentally, the letter 'R' happens to be in the same group order that it would fall under if the developers of SQL had wanted a longer acronym. Is it finalized? What about QSRL? And the word reliable being a part of the acronym itself...I just don't know. It seems like that quality should be a given in any standard.

 

In what sense is it reliable? The technology works? I'm not trying to be a negative Nancy or too critical but it never hurts to rethink these things just to be sure they make good sense. If/when the technology takes off there's little chance of going back and making changes.

Seems like the name SQRL is fairly finalized and yes it seems to be really reliable. You should download the SQRL client at the link on the first post, create an identity and then go to the SQRL forum https://sqrl.grc.com and create an account and see how easy it is. :D

 

Linked to the part of the video about SQRL so you will know exactly how it works.

 

 

 

