Recent content by Dave

@eveanastacia, MSA also provides for complete, secure, and verifiable transfer of account access/control that would be ideal for an organization changing Treasurers or an estate adding, removing, or changing trustees.

@RonHudson, @PHolder is, as usual, quite correct. The concepts behind SQRL could certainly be applied to something like system logins but, SQRL as designed and implemented today, is exclusively applicable in the web/http context. At it's heart, SQRL is simply another challenge/response...

Presumably you have mentioned this to @Steve.

Worked fine! Logged in on a desktop using both the GRC version and scanning the QR code with the Android app. The only hiccup is that, when I choose "Logout", the log back in options do not include SQRL.

Presumably, you have read the SQRL ESSENTIALS forum. For a real "deep dive" there is always SQRL Explained.

As expected/hoped, SQRL never sends anything of value, ever. The SQRL user is identified by their public key (public, by definition) and the proof of identity challenge is simply a server-generated nonce that the client is asked to sign using the corresponding private key and return the signed...

Click on your profile picture in the upper right corner and select "Connected accounts".

Good luck getting that change. I don't know about Rasmus, but @Steve has definitely moved on.

Personally, I use the same password on multiple devices. Though it has been mentioned that someone might factor in the relative difficulty of entering a complex password on a mobile device versus that of doing so on a system with a proper keyboard and select platform-relative passwords. Also...

Or you could just FALL on your Katana and ask @Steve to help. ;-)

Interesting, thanks! Though I was not offering an opinion on how it SHOULD work (I can see both sides of the argument), I was merely refreshing my/our memory on how it was designed. So, it "works as designed". I believe this particular question was heavily debated over the last few years...

I had to check to be sure... https://www.grc.com/sqrl/storage.htm says: So, if that HAD been invoked, you would not even be able to log in at all using just the user id and password.

The only thing you did "wrong" was to lose the SQRL identity. SQRL is FAR more secure than user id and password. By design, the ONLY way to remove the SQRL identity is with the SQRL identity. If all it took to disassociate the SQRL identity from the account was the user id and password, then...

See New App coming to TestFlight shortly