Recent content by Dave

  1. Dave

    SQRL Forum is missing a feature ..

    Actually, whatever you type there is appended onto the end of the domain name as it is fed into the hash used to generate the unique SQRL id for that site. So SQRL is effectively pretending it is a different web site: example.com vs. example.com2. Instead of "2" you could also use something...
  2. Dave

    GRC's SQRL client for Windows is at Release Candidate #1

    I disagree. But not adamantly. It is an ever-so-slightly diminished security state, so some subtle visual indication (that you don't have to go find) would not be inappropriate. "QuickPass" use is likely mostly habit/inertia, which doesn't mean it is better/preferred. While "Quick Unlock"...
  3. Dave

    GRC's SQRL client for Windows is at Release Candidate #1

    In another thread, I made the suggestion that perhaps the system tray icon background color (and hover text) could reflect the QuickPass active state.
  4. Dave

    UX Help welcome

    I would like to cast a dissenting vote. The "QuickPass active" state is one in which the eternal and precarious security/convenience balance is knowingly and deliberately shifted in the direction of convenience and, conversely, ever-so-slightly away from security. And it is a transient state...
  5. Dave

    UX Help welcome

    The notification for the Waze app has a close button on the notification you can close the app from here or otherwise tapping on the main part of the notification opens the app. So, assuming there is some reason to want it, you could have a similar operations.
  6. Dave

    What just happened?

    @Alan M Cameron, Once you log in, SQRL is totally out of the loop. SQRL does nothing without you knowing. Xenoforo's persistent login feature (create a cookie and not prompt you to log in again) is completely unrelated. You would see the exact same behavior if you logged in with a user ID and...
  7. Dave

    Possibility to use the fingerprint reader.

    @kalaspuffar, I think, perhaps, @PHolder was suggesting that, since it could be a problem that many people encounter, it might be useful to add that to the FAQ for your App, even if it isn't your issue.
  8. Dave

    URL Returned to Client vs Polling Javascript

    Thanks! I guess I didn't follow some of the discussions of the last half decade as closely as I thought I did. ;-)
  9. Dave

    UX Help welcome

    Good point, Alan! I had a similar thought... but... forgot where. :rolleyes: Yes, any site could insist on a verified email address - or even a physical address, for that matter - as a condition of membership. But that would be entirely up to and part of the web site and it's raison d'être...
  10. Dave

    URL Returned to Client vs Polling Javascript

    Maybe SQRL Gen 2 will allow the client to verify the server. Perhaps the server's SQRL public key could be made available through DNSSec. It would be nice if there was some (secure) way for the QR Code to indicate that the server was using federated login and include both domains.
  11. Dave

    Possibility to use the fingerprint reader.

    Verizon finally started serving Pie to us old Note 8 owners. I have long used fingerprint scanning for unlock and such. But it was not an option in the SQRL app. Until... I went into Settings -> Biometrics and security -> Biometrics preferences -> Preferred biometric There, even though...
  12. Dave

    UX Help welcome

    As a concrete example, I am both a member of my chorus and the webmaster. I would typically log on to the chorus web site as just me. But, when I needed to do administrative stuff, I would log in using an alternate ID of, perhaps, "webmaster". You are doing exceptionally well. This would be...
  13. Dave

    UX Help welcome

    The SQRL identity that the user creates, sits on the users device. At each site the user visits, that identity is used to (deterministically) generate an identity unique to that site. That identity is both unique and reproducible because it is generated based on site's domain name...