FaceID is cool... but....

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

PHolder

Well-known member
May 19, 2018
910
122
since our existing Alt-ID facility fully supports compartmentalization.
Have you actually used this functionality Steve? To be quite frank it sucks. Sorry. The UI doesn't remember it, nor display it's active. At least with a different identity it's obvious that it's active.

The idea with having, two identities, say "Paul" and "NaughtyPaul" is that I can pick the one for what I am doing (or about to do.) Then I go to the site I want to use it with and it "just werks." I don't need to keep entering some other identifier (beyond the Password/Quick Pass) to make sure I don't confuse myself ("I was sure I had an account at naughtysite.xxx oh well must have been deleted, let's create a new one".)

best argument you've offered so far is the idea of a third part giving someone an identity for them to use and share
Okay, this horse is well and truly dead... I'll stop beating it.
 

warwagon

Well-known member
May 20, 2018
164
63
Iowa
Have you actually used this functionality Steve? To be quite frank it sucks. Sorry. The UI doesn't remember it, nor display it's active. At least with a different identity it's obvious that it's active.
Where exactly is that alt-id functionality in the UI?
 

warwagon

Well-known member
May 20, 2018
164
63
Iowa
Thank you Adam for making my point about it not being easy to use ;)

Anyway, when you're about to authenticate to a site, click the options button.
Interesting, I had no idea that was ever there. I do see your point. I typed in an alt ID and when I returned it was empty and i had to hand enter it in. Even if it was remembered it probably wouldn't be brought in on an identity import. unless it could be stored in the SQRL identity file.
 

PHolder

Well-known member
May 19, 2018
910
122
Although you found it, I will include these pictures I just made in case they are useful to someone else later:
219

220
 

Gristle

Well-known member
Feb 16, 2019
341
70
I think the most important bit is that we make the first SQRL clients simple and accessible to increase adoption. If right out of the gate, we overwhelm or confuse people by trying to appeal to every use case, the whole thing may not get off the ground. I would suggest leaving the multiple identities for a future release, or keep it as an advanced setting that is disabled by default (along with some examples of when to use it and when not to).
 

PHolder

Well-known member
May 19, 2018
910
122
... make the first SQRL clients simple and accessible to increase adoption. ... confuse people ... leaving the multiple identities for a future release ...
I would suggest it will confuse some people who need this feature and can't figure out how to achieve that result. The problem is there is no such thing as one size fits all. The average user is used to entering a USERNAME and a PASSWORD. They're going to be confused when the username goes away... IMHO.
 

Gristle

Well-known member
Feb 16, 2019
341
70
I would suggest it will confuse some people who need this feature and can't figure out how to achieve that result. The problem is there is no such thing as one size fits all. The average user is used to entering a USERNAME and a PASSWORD. They're going to be confused when the username goes away... IMHO.
I think we're saying the same thing. I do agree that it will confused a person who needs a feature and can't find it. I would rather that person be confused for doing an advanced thing, then learn that there's options (either alt-ID, or a hidden setting that's off by default) rather than have everyone else be overwhelmed with options that they might abuse. To your point, people are used to having many usernames and many passwords. We don't want them thinking they need to make a new SQRL identity for each site they go to. From the people I've showed this to, that's exactly what they assumed this was. Once they learned it's one SQRL ID to all sites, it started to sink in.
 

Hzy

Active member
Feb 27, 2019
35
5
Bama
Steve posed this question early on, but has not specifically addressed that I can find - at the bottom of GRC's SQRL pg 1: "What about different people (and identities) sharing one phone?" (I would change "one phone" to "any one device"). This is exactly the use-case I have argued will be the most common. Others have expressed similar feelings about this case. Steve's current answer to this is that users already just switch(login) to their own account (on a win pc)...meaning, this is what users should do...and if they don't, they're doing it wrong. This answer also just ignores the use-case.

The main docs on Alt-ID's are in the In the Win app accessed via "help" after clicking from the Auth/pwd input screen only - so after clicking a login link.
, I think the Alt-ID "intro text" on the first of these screens should read "An alternate identity may be used..." instead of "should be used."
Click "Help" button on the 2nd screenshot above to see the rest of the Alt-ID docs. There, Steve notes:
240

What isn't made clear (to new users) is that the Alt-ID is not retained in the App. The user is totally on their own to remember (or store that Alt-ID) if they need to keep up with it for "permanent" use.

I definitely see the utility in an Alt-ID / Alter-ego. For one thing it's much faster and doesn't require creating a new ID and managing another recovery code and of course possibly another pwd. However, it is NOT an answer to the device-sharing use case. If you have not tested multiple ID's on any device, you really need to create at least one "Test-ID". Also, if you haven't tested on at least one phone app, I recommend doing so.
 

Attachments

Dave

Well-known member
May 19, 2018
384
73
Gardner, MA
Steve posed this question early on, but has not specifically addressed that I can find - at the bottom of GRC's SQRL pg 1: "What about different people (and identities) sharing one phone?" (I would change "one phone" to "any one device"). This is exactly the use-case I have argued will be the most common. Others have expressed similar feelings about this case. Steve's current answer to this is that users already just switch(login) to their own account (on a win pc)...meaning, this is what users should do...and if they don't, they're doing it wrong. This answer also just ignores the use-case.

The main docs on Alt-ID's are in the In the Win app accessed via "help" after clicking from the Auth/pwd input screen only - so after clicking a login link.
, I think the Alt-ID "intro text" on the first of these screens should read "An alternate identity may be used..." instead of "should be used."
Click "Help" button on the 2nd screenshot above to see the rest of the Alt-ID docs. There, Steve notes:
View attachment 240

What isn't made clear (to new users) is that the Alt-ID is not retained in the App. The user is totally on their own to remember (or store that Alt-ID) if they need to keep up with it for "permanent" use.

I definitely see the utility in an Alt-ID / Alter-ego. For one thing it's much faster and doesn't require creating a new ID and managing another recovery code and of course possibly another pwd. However, it is NOT an answer to the device-sharing use case. If you have not tested multiple ID's on any device, you really need to create at least one "Test-ID". Also, if you haven't tested on at least one phone app, I recommend doing so.
An Alt-ID can be anything you want to type in that prompt. Since it is just appended onto what goes into the hash, even a single character like '2' would result in a completely different ID being presented to the server.
 

alexT

Member
May 22, 2018
9
1
mauritius island
www.solero.mu
Ok I muss say I am somewhat confused - here is my understanding so far:
One single user can have multiple IDs - for instance I would not like to log with the same SQRL ID into my IRS account and my DarkWeb meth shopping account (just kidding...). It is still "me" but I would present two (or more) different key pairs to those respective sites in order to authenticate - and presumably there would be no way to associate / correlate both IDS.
Now with my same device - say iPhone - I might have different identities altogether, say one for myself and one for my wife - this might me possible (protocol wise) but not wanted nor implemented. It might however be implemented on other devices - say a shared PC.
Did I get it right ?
 

Gristle

Well-known member
Feb 16, 2019
341
70
Let me attempt to clarify.

With a single SQRL ID, there is already no way to associate you across sites. So you could safely use your single ID for both the dark web and IRS. Please note that there are likely other ways a site could track you, such as by IP address, cookies, browser metadata, etc, but this has nothing to do with SQRL, which is solely focused on authentication.

The Alternate identity is so that you, as a single person, may wish to have multiple accounts on a single website, say a Dropbox for you personally, and a Dropbox for you at work. Since your single SQRL ID will always generate the same keys for www.dropbox.com, you would use any text of your choosing to designate an alternate ID. In this case you might append "work" as the alternate ID text string. This will cause the hashing function to generate entirely different public and private keys for the same domain, without needing you to generate an entirely new SQRL ID. Having multiple SQRL IDs for a single user has been strongly discouraged in favor of this alternate ID approach.

The case where two users want to share a single device is where the current architecture has tradeoffs. For Operating Systems that are multi-user aware (such as macOS, Windows, etc), it's trivial to support multiple users per device. Each user simply uses their SQRL client with their SQRL identity while logged in to their respective user accounts on the device. Where this break is for OS's that are not multi-user aware (such as iOS 12). In this case, in order for two people to share the device, the SQRL client would need to juggle multiple SQRL IDs. Note that this becomes tricky because now the burden is on user 1 to make sure user 2 doesn't use user 1's SQRL ID without their knowledge, and there is no existing biometric support for more than 1 person per device, so people will have to use their password each time they use SQRL to login (painfully slow).

A much cleaner approach to the multi-user device problem would be to use the cross-device login feature of SQRL for the shared device. This is my personal solution of choice for a shared iPad. In this case, user 1 and user 2 wish to share an iPad. User 1, the primary user, could have their SQRL ID on the iPad. If user 2 wishes to use their SQRL ID to login to a site on the iPad, they would use their phone, or other device that has their SQRL ID and snap the QR code presented by the site. Alternatively no one puts their SQRL ID into the shared iPad, and everyone uses the QR code to login. In my opinion, this is far more easy to explain to a user than making clients have to support multiple IDs, and snapping the QR code and seeing the website suddenly logged in is just too cool. 🆒 Plus, it's more secure and faster. However it does require each user to have a device they personally control with a SQRL ID and client. In today's world, it's not unreasonable to assume each user has a phone. For younger users, maybe it's up to the parents to decide if SQRL is the appropriate solution versus other alternatives. For users who don't have a personal device they control, I wonder if they are using even using a password manager at all. I personally don't know anyone who uses a shared password manager on a single device, so I'm not sure they would expect SQRL to do the same.
 
Last edited:

Dave

Well-known member
May 19, 2018
384
73
Gardner, MA
Ok I muss say I am somewhat confused - here is my understanding so far:
One single user can have multiple IDs - for instance I would not like to log with the same SQRL ID into my IRS account and my DarkWeb meth shopping account (just kidding...). It is still "me" but I would present two (or more) different key pairs to those respective sites in order to authenticate - and presumably there would be no way to associate / correlate both IDS.
Now with my same device - say iPhone - I might have different identities altogether, say one for myself and one for my wife - this might me possible (protocol wise) but not wanted nor implemented. It might however be implemented on other devices - say a shared PC.
Did I get it right ?
The norm should be that one user has one SQRL identity. However, you are not giving that ID to either the IRS nor Drugs 'Я' Us. When you visit each of those two sites, SQRL uses your SQRL identity to generate two completely unique login ids, one for each site. There is no way to know that those two login id's originated from, or have anything to do with, the same original SQRL identity. And, at either site, if you enter something for an alternate ID, SQRL uses that to generate yet another completely different, apparently unrelated, login id for that site.
 
  • Like
Reactions: Gristle

PHolder

Well-known member
May 19, 2018
910
122
With a single SQRL ID, there is already no way to associate you across sites. So you could safely use your single ID for both the dark web and IRS.
Well it occurs to me that if a powerful government agency wanted to try and make a correlation between ids on sites they were monitoring, they would try and convince you to rekey. They might do this by making you believe one of the sites had a leak or something. When you rekey, it rekeys you for ALL sites... So if you were frequently using your SQRL identity then the timing of your rekey event(s) is another possible correlation if I am monitoring the sites you visit.
 

PHolder

Well-known member
May 19, 2018
910
122
The Alternate identity is so that you, as a single person, may wish to have multiple accounts on a single website
@Steve:

Something just hit me... I'm sure you thought of it, but I wanted to confirm. How does alternate IDs interoperate with rekeying? Does the connection to the site use the previous identities to regenerate previous AltIDs for the identity ratchet when I connect to a site using an AltID?
 
  • Wow
Reactions: Dave

Dave

Well-known member
May 19, 2018
384
73
Gardner, MA
They might do this by making you believe one of the sites had a leak or something.
But the entire point of SQRL is that THAT would be a non-event. They would have to convince you that your device had been compromised. And those sneaky bastards have much nastier tricks available to them. Remember the de-anonymization of TOR buzz?
 

PHolder

Well-known member
May 19, 2018
910
122
But the entire point of SQRL is that THAT would be a non-event. They would have to convince you that your device had been compromised. And those sneaky bastards have much nastier tricks available to them. Remember the de-anonymization of TOR buzz?
All true... but apparently you expect people to be rational in the face of a perceived danger :giggle: