Quick unlock - first few characters of password Vs. PIN


Status
Not open for further replies.

Digitoxin

New member
Apr 25, 2019
1
0
Is there a requirement that the quick unlock uses the first few characters of the password, or is this an arbitrary decision? Can an alternate SQRL client use a PIN instead? It would be great if the SQRL client allowed the user to use a PIN instead of the first few characters of the password as the quick unlock code.
 

shanedk

Well-known member
May 20, 2018
421
113
SQRL clients are free to use whatever alternatives they want. The Android client uses the fingerprint reader (if available), for example. But I don't see the advantage in using a PIN. At best, it would be just as secure as the first few characters of the password if those first few characters were numbers; otherwise, it'd be less secure.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
@Digitoxin :

SQRL's client "QuickPass" (we've officially renamed it) is not part of the underlying SQRL spec. So, yes, clients are free to do whatever they please.

However, using a separate PIN would be tricky, since it would need to be protected by encrypting it inside the user's identity so that the only way to access it would be by decrypting the identity using their full password. This would require an extension of the SQRL identity storage format which would break all existing clients. And it also significantly complicates the user interface and user experience.

Could you explain why you think that a PIN would be superior?? I don't see any advantage. :)
 

Vela Nanashi

Well-known member
May 19, 2018
720
124
Hey Paul, that was what I was going to suggest too, after reading the OP, but I decided to read the rest, someone has to have that idea, and you did :)
 