I have two identities, and older one from when I first played around with SQRL a few years ago and one created today from release 70. I'm only using the new one currently and plan to delete the other. When I first start SQRL it works fine. However, I notice that after using it with the demo site it started complaining about duplicate identities and the Switch Identity dialog shows 2 copies of each identity. I've scanned my file systems and have verified that I only have 1 copy of each .sqrl file. At one point it showed 3 copies of each in the drop down menu. Unfortunately, I haven't been able to determine what sequence of events leads to the report of duplicates. I've noticed that closing and re-running SQRL seems to make the duplicates go away for a while, but then they reappear after some usage.
- Status
Could you do a run->cmd:
c:\> dir /s *.sqrl
No need to post the result here though since that might contain private data in the form of user names, sqrl identity names and folder names, but it will help you see if there is a .sqrl file hiding somewhere unexpected.
To verify that you only have one of each and that they have different names? I am not sure exactly what folders SQRL grabs identities from, but I think it should see them if they exist next to it, and also in the 'my documents folder', and maybe that would grab several copies if they are in different user accounts.
As to why this problem reappears after a while, I don't get at all, makes me wonder if something is spawning more copies of files or something.
c:\> dir /s *.sqrl
No need to post the result here though since that might contain private data in the form of user names, sqrl identity names and folder names, but it will help you see if there is a .sqrl file hiding somewhere unexpected.
To verify that you only have one of each and that they have different names? I am not sure exactly what folders SQRL grabs identities from, but I think it should see them if they exist next to it, and also in the 'my documents folder', and maybe that would grab several copies if they are in different user accounts.
As to why this problem reappears after a while, I don't get at all, makes me wonder if something is spawning more copies of files or something.
I actually used a tool called Agent Ransack to search all of my local drives as well as my network share drive - it is much more thorough than just a recursive dir against the C: drive. There was only a single copy of each of the .sqrl files (as I previously reported) across all file systems. There aren't extra copies, and SQRL only sees a single set when first run. After some usage, duplicates start to appear and SQRL warns me about the duplicates. I just choose to ignore it since I know I don't have duplicates, but this could be a definite UX issue for less technical users.
Yeah that sounds weird. This probably sounds dumb, but can you do a ransack/search after the UI starts to report duplicates? Not that I think there should be any reason for more files to show up. Also um maybe might help to know what version of windows you are running, for when Steve checks in on this, sadly I can't really think of anything else useful to do.
Ah.... THAT is interesting. That must explain why you're seeing something that no one else has encountered or reported. What directory are you running the app from? And are you creating and deleting identities? How many times must it be used for this to occur? I'll be glad to try to recreate the trouble if you can explain what you're doing to cause the trouble. Thanks!!!
Here's the best timeline of my experience I can give you:Ah.... THAT is interesting. That must explain why you're seeing something that no one else has encountered or reported. What directory are you running the app from? And are you creating and deleting identities? How many times must it be used for this to occur? I'll be glad to try to recreate the trouble if you can explain what you're doing to cause the trouble. Thanks!!!
- Ran SQRL client 0.0.5619.19 back in 2015 and created a test identity with it - only used for a few days at the time.
- Downloaded 0.0.7070.70 on 5/16/2019 and ran it.
- Nothing happened. No messages, no windows, no systray icon.
- Ran it again. Still nothing.
- Ran it from command prompt. Immediately exited with no messages.
- Ran it as administrator from command prompt. Still nothing.
- Moved it from my Downloads folder to my personal "bin" folder that I usually put my tools in.
- Opened the application properties and installed the certificate into my certificate store. (BTW, I'm doing all of this on my work computer so there may be additional controls in place that I'm not aware of).
- Ran it again and got the dialog about installing and selected "do not install".
- Didn't remember password to old identity, so created a new one.
- Renamed the old identity "oldtest".
- Used "Switch" functionality to ensure new identity was selected.
- Used it to login to the demo site.
- Logged out of demo site.
- Switch identity back to "oldtest" identity.
- Tried logging into demo site.
- Failed due to not knowing my password.
- Switched back to new identity.
- Logged back into demo site.
Playing around on the forums, I just had to re-authenticate on one of the settings pages. When I clicked the SQRL QR code, the SQRL client opened up to ask for my password but apparently the "oldtest" identity was currently active. I first selected "options" to see if I could switch identities there. When I cancelled because of the wrong identity, the duplication message showed up. I then went to switch the identity to the correct one and it showed 2 copies of "oldtest" and 2 copies of the new identity.
Side note, it would be nice if I could change or select my identity when the password dialog displays.
Side note, it would be nice if I could change or select my identity when the password dialog displays.
You can. The button is labelled "User" on the Options dialog. It's been suggested that I should rename it "Identity."
Maybe include the word 'select' or 'change' before 'user' or 'identity' to make it clearer what the button does. Of course maybe it already says that.
Duplicate Identities Update:
It turns out that this is the result of a subtle interaction with non-installation and the SQRL's use of multiple desktops for secure screen darkening. This was added to help prevent malicious websites from spoofing the SQRL client password prompt. In other words, it's important, so it's enabled by default. But it deeply interferes during development and it's annoying when I'm constantly doing it. So I run with it off... and consequently missed this interaction.
It turns out that this is the result of a subtle interaction with non-installation and the SQRL's use of multiple desktops for secure screen darkening. This was added to help prevent malicious websites from spoofing the SQRL client password prompt. In other words, it's important, so it's enabled by default. But it deeply interferes during development and it's annoying when I'm constantly doing it. So I run with it off... and consequently missed this interaction.
As those who have been following along over from back in the newsgroup days will recall, the whole screen darkening thing has been a horrible mess for my Windows client. It was added very late in the development after everything related was finished and working, I did not initially fully understand its implications (so I was learning about a previously unexplored aspect of the massive Windows API as I went -- which is never the way you want to be writing solid code), and it broke a large part of the app's interactions. It's fixed (mostly!), but it's obviously still a bit more fragile than it should be. I don't like it. But I do think that it's a worthwhile feature, since having a site able to too-easily spoof the client's password prompt would NOT be good. :-(
Glad to be able to help. Looking forward to the final product and the SpinRite updates!Release #71 is published and I believe that it cleanly resolves this trouble.
Thanks for catching and reporting this, @tmvander !!
Also, thank you for Security Now.... I use it towards my CSSLP CPEs.
- Status