Recent content by Dave

Actually, whatever you type there is appended onto the end of the domain name as it is fed into the hash used to generate the unique SQRL id for that site. So SQRL is effectively pretending it is a different web site: example.com vs. example.com2. Instead of "2" you could also use something...

I disagree. But not adamantly. It is an ever-so-slightly diminished security state, so some subtle visual indication (that you don't have to go find) would not be inappropriate. "QuickPass" use is likely mostly habit/inertia, which doesn't mean it is better/preferred. While "Quick Unlock"...

In another thread, I made the suggestion that perhaps the system tray icon background color (and hover text) could reflect the QuickPass active state.

I would like to cast a dissenting vote. The "QuickPass active" state is one in which the eternal and precarious security/convenience balance is knowingly and deliberately shifted in the direction of convenience and, conversely, ever-so-slightly away from security. And it is a transient state...

The notification for the Waze app has a close button on the notification you can close the app from here or otherwise tapping on the main part of the notification opens the app. So, assuming there is some reason to want it, you could have a similar operations.

Copy/paste text blob? (Guessing.)

@Alan M Cameron, Once you log in, SQRL is totally out of the loop. SQRL does nothing without you knowing. Xenoforo's persistent login feature (create a cookie and not prompt you to log in again) is completely unrelated. You would see the exact same behavior if you logged in with a user ID and...

@kalaspuffar, I think, perhaps, @PHolder was suggesting that, since it could be a problem that many people encounter, it might be useful to add that to the FAQ for your App, even if it isn't your issue.

Thanks! I guess I didn't follow some of the discussions of the last half decade as closely as I thought I did. ;-)

Good point, Alan! I had a similar thought... but... forgot where. :rolleyes: Yes, any site could insist on a verified email address - or even a physical address, for that matter - as a condition of membership. But that would be entirely up to and part of the web site and it's raison d'être...

Maybe SQRL Gen 2 will allow the client to verify the server. Perhaps the server's SQRL public key could be made available through DNSSec. It would be nice if there was some (secure) way for the QR Code to indicate that the server was using federated login and include both domains.

Verizon finally started serving Pie to us old Note 8 owners. I have long used fingerprint scanning for unlock and such. But it was not an option in the SQRL app. Until... I went into Settings -> Biometrics and security -> Biometrics preferences -> Preferred biometric There, even though...

So, it DOES!! :D

As a concrete example, I am both a member of my chorus and the webmaster. I would typically log on to the chorus web site as just me. But, when I needed to do administrative stuff, I would log in using an alternate ID of, perhaps, "webmaster". You are doing exceptionally well. This would be...

The SQRL identity that the user creates, sits on the users device. At each site the user visits, that identity is used to (deterministically) generate an identity unique to that site. That identity is both unique and reproducible because it is generated based on site's domain name...