FaceID is cool... but....

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

Gristle

Well-known member
Feb 16, 2019
341
70
When you rekey, it rekeys you for ALL sites... So if you were frequently using your SQRL identity then the timing of your rekey event(s) is another possible correlation if I am monitoring the sites you visit.
This isn't necessarily correct. Yes, you rekey your identity, but sites only know about this event when you visit them. If you were really worried about that, you could space out the delays between logging in to various sites and space out the re-keying. Given the vast number of users who visit sites, and depending on how frequently re-keying events happen, it might be lost in the noise. Plus, you're assuming the attacker has access to all the sites' traffic. If they have this level of access, they hardly need to figure out your SQRL public key to know who you are.

And besides this whole argument is moot anyway considering there are much easier and more exploitable ways of tracking an individual across sites. If you are the target of a nation state, it's pretty safe to assume anything you do online can be monitored.
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Hi Alex! Welcome!!
So just to be 100% clear there are two different concepts: Alt-ID and multiple IDs ? Is the documentation (more or less) up to date on those ?
You should read through the "SQRL Essentials" section. And specifically the SQRL User Questions and Answers page. The goal of that section is to introduce someone is entirely new to SQRL into all of the system's most important new ideas, of which there are several.
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Something just hit me... I'm sure you thought of it, but I wanted to confirm. How does alternate IDs interoperate with rekeying? Does the connection to the site use the previous identities to regenerate previous AltIDs for the identity ratchet when I connect to a site using an AltID?
Thanks for confirming. I did handle this as you surmise. So rekeying does work with Alt-IDs. After rekeying, the user authenticates to a site using their Alt-ID and the site updates its keying and locking material for the rekeyed ID.
 

Andrew Godfrey

Well-known member
Mar 6, 2019
83
20
Seattle
I think there’s an important conflict outlined in this thread that isn’t really addressed: With SQRL, there are two different ways a user could establish multiple identities with web site. Steve hopes the Alt-Id way will be easier to use, and for good reason (users would have to manage multiple rescue codes, and each time they do that there’s added risk of them copying it down wrong, or deciding not to write it down at all, or storing it somewhere that is vulnerable).

But having two ways is a problem, because it makes the system more complicated to use by forcing users to make a subtle decision.

Steve wants to assist with that by discouraging the “multiple SQRL identities” way.

But the existing Alt-ID presentation in the UI is very weak. Suppose a user actually wants to maintain 2 online personas - complete with each persona having its own nickname that it uses on muliple sites. It should be clear that manually entering the Alt-ID for each site authentication is not good enough. What such users want is for the app to remember 2 choices, default to the last choice they made, and present the current choice it as part of each authentication (so that they can realize when it’s occasionally not the one they want).

Alt-ID is also challenging because its properties and limitations are foreign to most people. It DOES provide separation between different ID’s on the same site. But it does NOT provide other flexibilities that you get with separate SQRL identities:
  • You can’t give an alt to another person (without giving them your whole SQRL id)
  • In current implementations it is hard to maintain consistent alt id across many sites.

What this means is that users will need to think ahead about which kind of multiple-id they need, and that has me very concerned. I am wondering if it should actually be presented as a single multiple-identity facility, with a single local namespace, and the details of the separation are an ‘option’ you choose when you create an alt.
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
This is all about balance. "What If's" can be synthesized to amplify the apparent fault with any aspect of any system. I FULLY endorse exploring into every corner. But I always want to maintain a balanced sense for what problems are real and which are synthetic.

SQRL is designed as a SINGLE IDENTITY system. Some of the people here feel that's too limiting and have invented synthetic scenarios to amplify the apparent size of this problem. But they are synthetic. So let me say this again: SQRL is designed to be a single identity system. It is deliberately designed and optimized to that end. But... in acknowledgement of the fact that to also be a practical solution it MUST not have "showstopper" limitations, it also supports some divergences from that "single identity" ideal so that it doesn't fail due to its absolute rigidity. It therefore, begrudgingly, supports multiple whole identities and Alt-ID identity forks. But because SQRL is a single identity system, it does not glamorize nor glorify those. It does not work to make them more universal because their use is intended to be the exception, not the rule.

And if I haven't managed to make myself clear... SQRL is designed as a SINGLE IDENTITY system.

So, Andrew, I AGREE with you. There ARE many other ways for this to be designed. Perhaps I'm wrong and with time clients will be created that make different decisions. The good news is, that can be done within our current framework. But I would much prefer to first attempt to promote SQRL as a single identity system which can be pushed a bit further when/as/if needed, rather than to further complicate it to support behavior that it is designed not to encourage.
 

Andrew Godfrey

Well-known member
Mar 6, 2019
83
20
Seattle
SQRL is designed as a SINGLE IDENTITY system.
Then maybe you should “turn it up to 11”:

  1. By default, disable support for both alt ID and multiple id files, until the user goes to “options” looking for it.
  2. When they look for it, they are presented with 3 choices:
“a) Are you trying to ensure you have different ID’s on different web sites? SQRL already does that, you don’t need to manage multiple identities.
b) Do you want multiple identities for a web site? Click here to enable Alt-ID support.
b) Do you really really need multiple separate SQRL identities? Hopefully not. You will need to manage multiple rescue codes and identity backups. Click here to enable multiple-separate-SQRL-ID support.”
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Have you seen my client, Andrew? That's exactly what it does. People complain about how text-heavy it is, but nothing is there because i enjoy pushing text at people. The process of using Alt-ID explains it. The Help dialog has more. The process of creating another identity strongly discourages and explains. As the saying goes... "It's in there." :)
 

Andrew Godfrey

Well-known member
Mar 6, 2019
83
20
Seattle
Have you seen my client, Andrew? That's exactly what it does.
I have, but I mean removing the alt-id options and “user” button from the login screen by default, forcing users who want those features to first go through the app’s settings, at which point they can be quizzed to find out which kind of isolation they are looking for (and giving you an opportunity to explain to them that they already have the most common kind of isolation built-in and automatic).
 
Feb 28, 2019
22
2
I too am looking forward to Alt-ID's. I also think that multiple ID's are unnecessary as in the case of Android, you can now have multiple users on one device, and on iOS, if two people really do use it that way (I find it unlikely in this day and age) then perhaps then it would be necessary but make some kind of popup or something that clarifies why it isn't suggested and how to use an Alt-ID instead.

I liked how it just used my TouchID on my iPad, but I am used to apps to asking me to enable that, so please add that feature.
 

jkeithsmith

New member
Jun 17, 2019
1
0
Ok, just played around logging out and in a few times. Wow, it's getting to be like magic.

This time Jeff's client asked me if I wanted to use Face ID. I said yes, and -poof- I was just on. This is exactly the kind of experience I think that will make SQRL catch on.

There may be a GUI issue though. After indicating you want to scan a QR code to login, a toggle appears (it looks like its for some advance stuff, so naturally, I want to diddle with it). However, the Apple's facial recognition authenticator visual notification pops up over the toggle. And Jeff's client is so fast that I find I'm already logged in and the toggle switch I want to play with is already removed once the authentication indicator goes away.

FYI, it'd be nice if on the "Scan SQRL QR code" screen it showed which profile was in use (and maybe the QR code for it, so it'd be useful to replicate to other devices; underneath could be a "link" saying 'Switch Profiles' to go to somewhere to choose or create a new one).
ALSO: should have some way to abort before auth if QRL code directs you to unanticipated web address (Potential malicious QR code)
 

Gristle

Well-known member
Feb 16, 2019
341
70
ALSO: should have some way to abort before auth if QRL code directs you to unanticipated web address (Potential malicious QR code)
I think the better option is to assume that any QR scan is malicious, and ask to user to confirm the domain before allowing them to proceed.
 

Gristle

Well-known member
Feb 16, 2019
341
70
I liked how it just used my TouchID on my iPad, but I am used to apps to asking me to enable that, so please add that feature.
If I'm not mistaken, the only way ANY app can use TouchID OR FaceID is if you gave it permission the first time. After that, it can always be used until you revoke it. You can revoke this privilege in the settings of iOS under "TouchID and passcode."
 

Gristle

Well-known member
Feb 16, 2019
341
70
Post removed due to harassment from PHolder
 
Last edited:

Jeffa

Well-known member
May 20, 2018
130
49
Hi,

The client used to require you to click on the fingerprint icon to launch a biometric auth if all the prerequisites are in place

The behaviour can be re-enabled by disabling "auto use biometrics" in settings.

FWIW, I agree that tapping to start the auth is the right way.
 

Simon9

Active member
Mar 13, 2019
43
4
On storing Alt-ids, like maybe for autocomplete, that should surely be optional.
And maybe a Merkle Mountain Range (MMR, a multi-roots hash tree) or RSA Aggregators or BLS could be useful to let a user store some kind of proof that a Alt-Id has been used, helping protect the user from misspelling an alt id.