Password window closes in 2-3 seconds without user interaction

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

Dave

Well-known member
May 19, 2018
388
73
Gardner, MA
TLDR: Problem solved. Acronis True Image Home ver 11 was the cause of the problem.

Turns out the application Acronis True Image Home was interfering with the secondary desktop. I started shutting down apps in alphabetical order hoping to get lucky and it paid off. After I shut off Acronis True Image the password window stopped auto-hiding. It's a very old program. I don't use it regularly and I certainly don't need it running in the background. Problem solved.
Sounds like a candidate for a troubleshooting segment!
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Yay!!! Thanks for the sleuthing and the closure, Gio! As Paul surmised, it was almost certainly something, since we've never seen it before. And... if you did want to run with Acronis, you could simply disable the screen darkening. :)
 
  • Like
Reactions: Gio0300

Vela Nanashi

Well-known member
May 19, 2018
633
107
Wow that is weird, good that it was figured out though, should definitely be on a known issues list when we make one.

Does acronis also disrupt windows own screen darkening thing? I forget what that is called, but you know the thing that pops up when you try to do anything administrative.
 

Gio0300

Member
Jun 21, 2019
10
1
Wow that is weird, good that it was figured out though, should definitely be on a known issues list when we make one.

Does acronis also disrupt windows own screen darkening thing? I forget what that is called, but you know the thing that pops up when you try to do anything administrative.
Hi Vela. I think you are referring to UAC (User Account Control). I never noticed a problem between Acronis and UAC in the past. With that said I usually don't keep Acronis loaded on my machine. I switched to a different back up solution a long time ago. It just so happened that I installed Acronis to image another computer shortly before I started checking out SQRL.
 

Vela Nanashi

Well-known member
May 19, 2018
633
107
Yeah UAC, the screen darkening of SQRL uses similar features in windows I think, not sure if identical or not, but still similar. So that was where my thinking went :)
 

ahauser

Well-known member
Feb 22, 2019
82
24
Hi @Steve,

by accident, I've discovered a series of interactions in the windows client that would leave you with only the darkened screen without any SQRL window, where any "normal user" would then be completely lost:
  • Trigger the login
  • Hit "Options"
  • Right click in the text area that says "An alternate identity should be used instead of ..."
  • Dismiss the context menu
  • Hit Escape
At this point, you've entered the "upside down" o_O.
This happens for all text fields that can be accessed using the context menu.

I am aware that this is a very unlikely scenario for any normal user, but as we've seen, this can be triggered by software as well, so I think it is worth fixing, also considering the fact that the user impact if it DOES happen is quite dramatic (most users who aren't aware of Ctrl-Alt-Del would probably have to cold-boot their machine).
 
  • Like
Reactions: Steve and Paul F

Vela Nanashi

Well-known member
May 19, 2018
633
107
I have been thinking that instead of screen darkening, maybe a user could be allowed to load an image of their own choosing that sqrl client will show on every window/dialog box it has, that way the user will see "hey that is the image I chose for SQRL" would make spoofing a lot harder, it might even be something we could put into the sqrl file, though any image would of course make the identity comparatively huge. Another idea I had was to be able to select background color, foreground color and font size and face, in the client, and save those options as well, that way every person can make their own set of choices for looks of SQRL and screen darkening won't be needed to prevent the spoofing, I will probably try to make something like that if I write a client myself, not saying all the existing clients need to do or support it :)

For the image maybe SQRL could also come with a set of coloured squirrels, mirrored and not mirrored, and maybe quirky upside down ones too :)
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
@ahauser : Yow! Thanks for the report!! I will definitely get that fixed. I have a slowly-growing and still short list of things that I need to address. So there is no doubt that I will pushing out another dev release to test all of the things I believe are fixed, followed by an incremental update to the mainline SQRL.

Since I don't want to do that a lot, and since we still haven't stumbled upon any horrific mistakes, I'll sit on this one. But it does need to be fixed.

Thanks!!!
 
  • Like
Reactions: ahauser

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
I have been thinking that instead of screen darkening, maybe a user could be allowed to load an image of their own choosing that sqrl client will show on every window/dialog box it has, that way the user will see "hey that is the image I chose for SQRL" would make spoofing a lot harder, it might even be something we could put into the sqrl file, though any image would of course make the identity comparatively huge.
I agree that I could have been more creative about customizing the "anti-spoofing" -- and I certainly regret the mess that Screen Darkening made to my client when I attempted to shoehorn it into the flow once everything was working.
 

Vela Nanashi

Well-known member
May 19, 2018
633
107
Another bug that still exists is the cosmetic one, with people who use high contrast fonts and colours, or just different colours, where some things do not properly change color, since they do not all use the colors provided by windows, I hope that can be added to the list for fixing too, as annoying as they might be, I know some controls do obey colours set in windows settings, so your application must be fetching those from somewhere.