IDTY - how to enable additional computers


carlvanwormer

Member
Apr 20, 2019
7
0
I've been unable to find search terms in this forum to allow me to get SQRL working on my work computer (work computer, second computer, etc.). I know it should be easy, but my SQRL login attempt SQRL icon shows IDTY. Clicking into the SQRL Import Identity looks like it wants the whole Text, Rescue Code, and new password stuff. This seems wrong to me, so I must be doing something wrong. There should be a high-level topic on how to apply my SQRL identity to all my devices. What am I missing?

Thanks,
Carl
 

AlanD

Well-known member
May 20, 2018
125
23
Rutland, UK
Assuming that all the machines are running the same operating system, you need to install the same SQRL client on each machine. Then copy your user data file ( usually c:\users\{username}\documents *.sqrl ) on to each machine and put it in the "My documents" folder. Then SQRL should find the file when you start it and prompt you for the same password to unlock it.

Note, these files are not connected, if you later change the password on one machine, it will not change the password on the others.

Alternatively, on each new machine, you can "import" your SQRL ID from the original, but this involves either using a camera to import the QR code, or typing in the Rescue code and password.
 
  • Like
Reactions: Dave

PHolder

Well-known member
May 19, 2018
1,214
203
It is a common misconception to think SQRL links computes like a password manager does. Although SQRL is used to log into web sites, SQRL itself has NO ONLINE COMPONENT for sync. It was explicitly designed for the user to have full control of their identity. If you want to use multiple computers, you will need to manage the process yourself. You can copy your identity file around to the various computers, or you can export and import your identity. The export and import process involves using the rescue code. If you copy an identity file, it is implicit that you will copy the password protecting it. If you export your identity and import it, you would have the opportunity to select a new password for the new device's copy of your identity. If you choose the same password everywhere, but eventually change one, because of the lack of sync I mentioned, you will be responsible for changing your password on any other devices, if you want them to be the same everywhere.
 

carlvanwormer

Member
Apr 20, 2019
7
0
It is a common misconception to think SQRL links computes like a password manager does. Although SQRL is used to log into web sites, SQRL itself has NO ONLINE COMPONENT for sync. It was explicitly designed for the user to have full control of their identity. If you want to use multiple computers, you will need to manage the process yourself. You can copy your identity file around to the various computers, or you can export and import your identity. The export and import process involves using the rescue code. If you copy an identity file, it is implicit that you will copy the password protecting it. If you export your identity and import it, you would have the opportunity to select a new password for the new device's copy of your identity. If you choose the same password everywhere, but eventually change one, because of the lack of sync I mentioned, you will be responsible for changing your password on any other devices, if you want them to be the same everywhere.
OK, I can do this. I was apprehensive about needing to get my rescue information out of my basement safe and take it to work so I could use SQRL there too. Is there a way I can transfer the settings to my phone and then to my work computer?

There should probably be a topic in the top-level SQRL instructions covering this process since I'm probably not the only one with more than 1 computer and only minimal knowledge (but much enthusiasm) about SQRL.

Thanks,
Carl
 

PHolder

Well-known member
May 19, 2018
1,214
203
Your wish is my command:

Go to the SQRL Essentials on the top left and then to "But, What If ?... " or follow this link:

And find the topic: "What if I use several computers and/or smartphones?"

I'll quote it here:
Each SQRL user should only have one SQRL identity which can be easily shared among all of your computers, smartphones and tablets. Every SQRL app allows the SQRL identity to be displayed as a QR code for capture by another device, or printed on a sheet of paper containing a QR code and a textual printout.

So, your one SQRL identity would first be created on one device then “exported” from that first device and imported into any others. You should “export” with the password so that the transferred identity can be used with the same password on each device.

It is your responsibility to keep your password on various devices synchronized. SQRL cannot and does not do that for you. If you change your password on one device, which you are free to do at any time, it will not automatically be updated on any of your other devices. So, to minimize confusion, you should change your password on every SQRL device you use and keep them synchronized.

The same is true if you ever need to “rekey” your identity. That could happen if you believe that your identity may have been compromised, stolen, or fallen into the wrong hands. Rekeying your SQRL identity on one device will not automatically rekey it on your other devices. This is not an undue burden, since your SQRL identities are never intended to need rekeying. But it might be necessary.

However, if you ever do rekey your SQRL identity on one device, you cannot also rekey it on another device since that would create another new and different key. Instead, you must export your rekeyed identity from the one device where it was rekeyed and then re-import that newly rekeyed identity into all of your other devices. This is exactly like the first time you created your SQRL identity then showed its QR code to your other devices. You just need to perform a “backup/export identity” again like you did the first time.

To rekey your identity you must provide your identity’s Rescue Code and you will receive a new replacement Rescue Code for the rekeyed identity. You should destroy your paper backups of the retired identity and its Rescue Code. Print out your new identity and its new Rescue Code to keep them safe in case you need them in the future.
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
...
my SQRL login attempt SQRL icon shows IDTY
...
Your mention of "IDTY" implies you are using the Firefox/Chrome extension in which case you don't have as many export/import options as described above ( "What if I use several computers and/or smartphones?" ). As far as can tell, you must use the rescue code when importing, and when specifying the password, you would normally use the same password but you can make it different for that computer if you want.
 
  • Like
Reactions: Jaap