SQRL is in trouble .. if we don't simplify identity creation.

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

warwagon

Well-known member
May 20, 2018
164
63
Iowa
Years ago I preached about this and it appears not much has been done about this, except for me doing it a few more times. I'm am a HUGE advocate and want it to succeed as much as everyone here. I'm worried, very worried that the current identity creation process will confuse the shit, (Parden my language) out of the average user. I've done my own user studies and posted them here.

They are all confused, very confused. I see average users in action every day, as I do computer repair and assist them with their issues. Knowing what I know, SQRL is in trouble unless we can get the user creation process simpler.

I took some time today to create some mockups of a simper identity creation process. As much as Steve loves to explain stuff in paragraphs of text, I think that needs to go. Here is what I have .. mind you basic UI elements such as close are not included due me just throwing this together. Bare in mind I created this very quality so somethings should be elaborate on.

The password box I just slapped in from steves. I think when the user prints the identity it should have a code on the sheet or something that the user has to input on the next screen to verify that the identity successfully printed off and they have a copy of it in their hands.

I also think it's VERY important to make creating a backup a REQUIREMENT. I know the average user and THEY DON'T BACK ANYTHING UP!

















 
  • Like
Reactions: Gristle

Vela Nanashi

Well-known member
May 19, 2018
633
107
I think having a simplified version can be good, but it should have a button "click here if you want to know more" or something :) Also these colours make my eyes bleed, but I am not the average user.

Oh and maybe printing and backing up can be combined into a single screen and be verified together, since they are of equal importance. I suppose rescue code ceases to exist after the screen is passed so it is probably a little bit more important than the identity backup, but still, doing those two steps together seems like a good idea to me. Also I would like the option for textual version of both to write down (not just rescue code) :)
 

Jeffa

Well-known member
May 20, 2018
133
49
Years ago I preached about this and it appears not much has been done about this, except for me doing it a few more times. I'm am a HUGE advocate and want it to succeed as much as everyone here. I'm worried, very worried that the current identity creation process will confuse the shit, (Parden my language) out of the average user. I've done my own user studies and posted them here.


I heartily agree.

In my rewrite of my iOS client I go further. Much further.

My core assumption is that an unused ID has no value. So protecting it is not important.

The more you use an identity the more important it becomes.

I don’t present the rescue code or anything about backup to the naive user at on boarding.

I let the user have their first auth for “free” and then start nagging them to get their rescue code off the device and backup their identity. I delay the auth in ever increasing increments until they comply.
 
  • Like
Reactions: Brendan Kidwell

Vela Nanashi

Well-known member
May 19, 2018
633
107
That is one interesting way of doing it, Jeffa, though I would probably be annoyed it did things differently if I had used another client, but people who use IOS client might be less likely to have encountered the PC and android versions. I like to know I have done everything right at the start, but getting them addicted to SQRL first might be a good idea too, or you know complimentary at least :)

Also I am wondering if maybe clients should have a once per month or year check to verify that you have the rescue code and backup (something that can be disabled by advanced users, but would be enabled by default) and make sure to make people aware that they will be needed from time to time? I am not sure (I mean it might be a bit too annoying).
 
  • Like
Reactions: Gristle

Jaap

Well-known member
May 20, 2018
96
13
... I delay the auth in ever increasing increments until they comply.
Haha that's brilliant, Jeffa.
I agree with warwagon that @Steve can be very verbose/wordy.
I am the exact opposite (which shows in the WebExtension) and too impatient to read a wall of text if i just want to try a new tool.
 

Leif

Member
Feb 13, 2019
8
7
In the mock-up the 'write down the rescue code' page should have a 'go back' button.
 

Gristle

Well-known member
Feb 16, 2019
341
70
No longer contributing to this forum as I being harassed by PHolder
 
Last edited:

PHolder

Well-known member
May 19, 2018
918
124
do if they *know* they lost their rescue code
There should be a place here on these forums where we will hold them while they cry? I'm only being partially facetious... There should probably be a entry here to stop them from trying something crazy that won't work. A page of "how to start over and not screw it up this time..."
 

Vela Nanashi

Well-known member
May 19, 2018
633
107
If you know you have lost the rescue code, you need to create a new identity to start with, and make sure you do a better job backing up the identity and rescue code, keeping them safe. You also stop registering new accounts on the old identity. You also will start seeing what you are able to do on the various sites to set up dual ownership with old and new identity or talking with technical support, of course if you have enabled hardcore mode with no account recovery and all that and the company respects that, you are screwed, and those old accounts will die eventually, unless you never lose the actual identity that is, you can ignore the whole rescue code thing, if you believe nothing will go wrong, and probably for most people that will be the case. Just like a lot of people have not lost their files despite lacking a backup, but when you finally have a data loss, you learn how important the backups are to have, so it might be that level of painful experience. Only you were told ahead of time "you really need to take this seriously, it is important, nobody can help you if you don't do this." At least I think that is what Steve's client tells you, in more and also more precise words than I used there.

Also for me the whole save to a cloud etc, those may be nice options to offer, but I still don't know how to do that securely, you are after all then trusting that cloud. If they can recover from you losing a password, someone in the company, or who have hacked it, can gain that rescue code and backed up identity. If they can not recover from you losing your password, then if you forget the password you are just as lost as if you lost your rescue code and its backup, so I do not see what a cloud adds in that case.

Then again I don't even trust my bank to keep something safe in a safety deposit box, if they want they can steal anything in those. Same goes for any cloud providers or such. I would not trust them to keep my files safe, not really at least, they can delete them, even if they are encrypted with trust no-one encryption. I know them doing things like that might lose them business, but I have seen companies do irrational things like that in the past to their customers. So trusting anyone but yourself is not truly safe, and I even go further than that sometimes, not even trusting myself :) Though I am probably a bit more paranoid, and distrustful than most folks.

Something I might try to do in the future, is that on sites that allow it, I will have two connected SQRL identities, the master one that I will keep as safe as I possibly can, and the travel one, that can live on mobile phones and other insecure things that I take with me on travels, that way I can allow access to certain accounts when compatible, in a sort of limited fashion, and then keep all the truly important things and permissions on that master identity. Though I know that is not how SQRL is supposed to be used, maybe it is not a great idea, still that would be one benefit from having the ability on a server to link multiple identities with different permissions to the same account.

On the forum it would be nice if we had that, like one identity that can read and write posts, but not create new threads, not delete PMs, or change account details, not add more SQRL identities etc. Of course we don't have that granularity of control here at least yet.
 

warwagon

Well-known member
May 20, 2018
164
63
Iowa
The average user sucks completely and utterly sucks at backing stuff up. When their hard drive does end up with bad sectors they ask "How in the world did that happen" ... they have zero respect for hard drives and drive failures. So you need to force them to back up their rescue code during the account creation. I hadn't actually thought of that until making this thread.. Every time I help the average person setup lastpass I instantly regret it as I just watch as their "Eyes glaze over".

Every time I remotely connect to people to help them with their issues and I ask them if they have a backup 90% of the time the answer is no. Even if they have 20+ Gigs of photos. A lot of them tell me they would love to backup but they don't know-how. They don't know basic things like how to save things to a flash drive.

So I would say SQRL should backup to a flash drive for them, all they have to do is insert it and SQRL does the saving, all they have to do is press the "Save to flash drive button". If more than one is plugged in .. then MAYBE a list of flash drives they can choose, but that's it.

Yesterday I logged into help someone, and I had her plug in her USB flash drive. The flash drive she was backing her Quicken up onto. But there was no quicken files to be found on the flash drive. Had her go through the process of backing up for me. Turns out she was having quicken backup to the C drive every time overwriting the last back. I had to show her how to backup onto the flash drive.

So that is one thing about SQRL i'm worried about. People not respecting the identity and locking themselves out of it forever. I'm going to predict it will happen, A LOT.. more than you would have guessed.
 
Last edited:

Vela Nanashi

Well-known member
May 19, 2018
633
107
Sadly that does seem very likely, but I still think that SQRL is a lot better than regular logins and passwords, however maybe not everyone can go there themselves, maybe we techies that they know will have to be their support structure as always, and they will keep trusting us. Also at least we can make sure it is them, asking for their identity recovery back, at least when we meet them face to face, and I suppose for a short while still we can trust them over the phone or video call (until deep fakes takes that away from all of us).
 
  • Like
Reactions: warwagon

Vela Nanashi

Well-known member
May 19, 2018
633
107
Of course making it easier for SQRL to back up important things sounds like one step in the right direction, including backing up to the cloud for those people who feel that is safe enough for them, however I feel it is important to communicate how much trust that involves giving someone. Maybe most people do not care about that, as long as they can do the things they want in the moment though.
 
  • Like
Reactions: warwagon

Dror Harari

Member
Aug 10, 2019
14
1
I also agree with @warwagon and with others here on the inability of the average user to properly backup and save the creds (so they can be later found for recovery). SQRL tries to offer the ultimate protection and control and that's good but the main benefits everyone get are (1) no need to invent new (bad) secrets for each site and (2) each site only keeps your identity for it - nothing that will be useful for hackers.

This means that for the average user, keeping their identity creds with a trusted 3rd party (i.e. one that can reliably identify them) would be good enough - they will get the two main benefits above plus the knowledge that if they lose the creds or forget the password, they have someone to help them recover. The sophisticated users can always do it in the trust-no-one fashion and gain the ultimate protection.

If we are looking for adoption, we need to be able to make compromises. The approach @Jeffa took is a great example and it could easily be taken further. For example, both Apple and Google let you keep app-private backup. If the SQRL client offers the option to backup the creds to the app-private backup then the setup could be freakishly simple. Yes, if someone steals your phone and your iCloud or Google details (the two factors) you may have a risk of your identity compromised but that's a risk we can take (among few more we introduced) because now grandma is using SQRL and gets (1) and (2) so things are so much better than today.

Another service a serious SQRL client developer (such as LastPass) can do is to offer a way to protect one's identity with a trusted friend. Let's say my email is me@acme.com so the friend, with the help of this "serious" SQRL client can generate a public key for me (as if I were a web site) that the service provider will use to protect my backed-up creds. The friend would not be able to use his cred to use my identity - they will only be able to help me recover mine. This is just one simple example of how SQRL can be made much more simple without changing the SQRL spec at all but instead rely on the client eco-system to keep things simple and safe. It may also be a differentiator for the SQRL client vendor and even sort of lock-in (though if you start with your own generated identity then you can never be locked it).

SQRL is great!
 

Dror Harari

Member
Aug 10, 2019
14
1
...but the main benefits everyone get are (1) no need to invent new (bad) secrets for each site and (2) each site only keeps your identity for it - nothing that will be useful for hackers...
I forgot (3) never having to change one's site passwords again, ever
 

Gristle

Well-known member
Feb 16, 2019
341
70
No longer contributing to this forum as I being harassed by PHolder
 
Last edited:

Gristle

Well-known member
Feb 16, 2019
341
70
No longer contributing to this forum as I being harassed by PHolder
 
Last edited:

Gristle

Well-known member
Feb 16, 2019
341
70
No longer contributing to this forum as I being harassed by PHolder
 
Last edited:

PHolder

Well-known member
May 19, 2018
918
124
slightly sarcastic comments
I wasn't being sarcastic to you, I'm sorry if it came across that way. It was a frustration with the problem. I don't know how you can make people care enough about their security to not be lazy or stupid. I don't think your approach of saying it's hopeless is overly helpful either, but I don't have much else to offer... I have long ago given up on average people not shooting themselves in the their feet.