Recent content by PHolder

You can implement a SQRL authentication server as part of your offering. Implement the optional component of Managed Shared Access. See the documentation (at https://www.grc.com/sqrl/sqrl.htm ), a quote from page 14 of https://www.grc.com/sqrl/SQRL_Explained.pdf which is: MSA offers...

I don't know enough about how the graphical login screen on Linux works. Presumably it has some level of trust elevation on the system and has the means to either run the authentication process (PBKDF2 or similar) and the invoke a "su user" if it believes the authentication was successful. It...

SQRL was explicitly designed to avoid third party involvements and to make the end user explicitly in control of their own identity while giving the server no secrets to have to secure or worry about losing. Also, unless I really don't understand your question, I think you really don't...

In a word: no. In more words: Someone could probably create such an interface, but that fact that no one has implies it may not be the easiest challenge to tackle.

Most of the SQRL clients don't even have complete SQRL support, so I wouldn't hold my breath for any combo software. Unfortunately SQRL has not taken off yet... and until it does, no one is going to rush to support it.

I suspect you used a SQRL client that had a bug. Steve uses a SQRL feature (the x={n} in the URL for those who are technical.) It is (or was if fixed recently) quite likely not implemented properly on at least one client. Try logging into the forums with different clients you may have used in...

Yes, this is normal. It's not EXACTLY the same, just functionally identical. It's been too long and I've forgotten the exact details of the file format, but I presume there is randomness involved in the encryption used to store the file.

@Jeffa Perhaps you'll want to clean up the old issues here? Anyway, I just logged in now using the new client, and it worked fine. I did encounter a few items. The first try was password and got to 100% as expected. The second try (iPad) was by fingerprint, and it showed 200%. Also, having...

The Anti-Spoof protection requires JavaScript to run and requires access to localhost on port 25519. If the browser interferes with either, than problems, such as that warning, are inevitable.

Hover over his avatar, until you see a pop-up, then click "Start Conversation". (Not the only way, but probably the easiest/fastest.)

It's probably not working, but it's hard to know precisely what you're doing from just that pic. My experience (last time I tried) is it works for pre-existing users, but new users were unable to sign up at all. I thought Jose was aware of this, and was going to look into it, but there hasn't...

Yes, it doesn't appear like they intend to fix the issue, near as I can tell. I can't be personally bothered to fight that fight with them, I've had my bug reports buried too many times before.

Additionally, if you make even one single mistake while using it, it will be cleared and the full password will be required. You do NOT get any second chances with the quick password.

Any account you ever create is in one of three states. 1) You're new there. They don't know you as you've never been there before. You make some assertions about who you are and you create an account. 2) You've returned. They don't know you're you, but you assert that you are, and you provide...

Okay, but it's probably NOT Javascript, so that was what I was wondering. I suspect there is something particular going on related to Javascript or something.