+ Reply to Thread
Results 1 to 7 of 7

Thread: SQRL: The end of web site passwords - in our lifetime

  1. Link to Post #1
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,581
    Thanks
    30,501
    Thanked 138,435 times in 21,490 posts

    Default SQRL: The end of web site passwords - in our lifetime

    Websites, even some of the biggest and most secure, have proven time and again that they cannot guarantee the secrecy of your account information. They are all at risk of being hacked.

    Users, even the most careful and geeky, have proven time and again that they cannot be relied on to always follow "best practices" in managing account passwords. Sooner or later they will reuse a password, or use one that's too simple, or write the password down on a piece of paper or in a computer file that someone else might see.

    Passwords suck. Both website admins and website users agree on that much. But they're the best we have in most cases, and so we're stuck using them.

    Steve Gibson, who some of us old computer nerds will recognize as the author of Spinrite (the finest disk error recovery tool, ever, and still), is developing a replacement for passwords. It's called SQRL (pronounced "squirrel"). It uses public-key encryption so that websites no longer need to keep a secret password to check your identity. Rather you keep the secret on your PC, Mac or smart phone, and websites keep only your public key.

    SQRL stands for "Secure Quick Reliable Login". It is a comprehensive, easy-to-use, high security replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else. It promises to be both easier to use, and more secure. No secret is kept on websites to validate your login, and you do not need to manage separate, hopefully "random enough", passwords for each website. Logging in can be as simple as entering a single, not too difficult, password into your PC or phone that identifies you to your phone, and then doing something such as taking a camera shot of a QR code displayed on a websites home page with your phone camera.

    If you're looking for a replacement for your password manager ... it's too early ... come back in perhaps a year.

    But if you're secretly aspiring to be a computer geek in cryptography ... keep reading.


    For over a year now, Steve has been teasing SQRL in his weekly Security Now! podcast with Leo Laporte (in episode #510 - over 10 years).

    This week, he gave the first public demo of SQRL, and announced a preview site that explains the technology behind it.

    Here's the demo Steve did with Leo, from that podcast:


    Here's the preview website (on Steve's "grc.com", for Gibson Research Corp, server): https://www.grc.com/sqrl/sqrl.htm

    Fascinating stuff, if you're a geek at heart. Important technology coming down the road, if you're a website admin. And hope for a more secure, and more user friendly, future, if you're a user.

    Unfortunate news if you're a nation-state with immense compute resources at your disposal. Steve has worked very hard in this design to keep even the NSA from being able to hack this.
    Last edited by ThePythonicCow; 5th June 2015 at 06:35.
    My quite dormant website: pauljackson.us

  2. The Following 30 Users Say Thank You to ThePythonicCow For This Post:

    Alan (5th June 2015), Anchor (6th June 2015), angelfire (5th June 2015), aranuk (5th June 2015), Aurelius (7th June 2015), Bill Ryan (18th September 2021), Billy (5th June 2015), Dennis Leahy (7th June 2015), enfoldedblue (5th June 2015), Flash (6th June 2015), GaelVictor (5th June 2015), Harmony (18th September 2021), Hervé (6th June 2015), hohoemi (5th June 2015), Jayke (18th September 2021), Jean-Marie (5th June 2015), Joao (5th June 2015), kfm27917 (19th September 2021), Lefty Dave (5th June 2015), LoneWolf76 (5th June 2015), meat suit (5th June 2015), mountain_jim (18th September 2021), NancyV (6th June 2015), naste.de.lumina (5th June 2015), Rollo (5th June 2015), Snoweagle (6th June 2015), sunflower (6th June 2015), Valle (5th June 2015), Wind (5th June 2015)

  3. Link to Post #2
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,581
    Thanks
    30,501
    Thanked 138,435 times in 21,490 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    Here's the original Security Now! podcast, from October of 2013, when Steve Gibson first announces SQRL, starting at 37.08 into the video:


    Here's a talk given at HTML5DevConf, just three weeks after the above, explaining SQRL to a wider audience of web security people:
    My quite dormant website: pauljackson.us

  4. The Following 6 Users Say Thank You to ThePythonicCow For This Post:

    aranuk (5th June 2015), Bill Ryan (18th September 2021), Dennis Leahy (7th June 2015), GaelVictor (5th June 2015), Hervé (6th June 2015), Valle (5th June 2015)

  5. Link to Post #3
    Sweden Avalon Member
    Join Date
    3rd February 2012
    Posts
    147
    Thanks
    636
    Thanked 716 times in 132 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    Thank you, a smart solution.

  6. The Following User Says Thank You to Valle For This Post:

    Bill Ryan (18th September 2021)

  7. Link to Post #4
    Avalon Member Carmody's Avatar
    Join Date
    19th August 2010
    Location
    Winning The Galactic Lottery
    Posts
    11,389
    Thanks
    17,597
    Thanked 82,316 times in 10,234 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    Quote and then doing something such as taking a camera shot of a QR code displayed on a websites home page with your phone camera.
    1995, Johnny Mnemonic - a sequence of relatively random images as the encryption key.
    Interdimensional Civil Servant

  8. The Following 3 Users Say Thank You to Carmody For This Post:

    Bill Ryan (18th September 2021), Hervé (6th June 2015), ThePythonicCow (6th June 2015)

  9. Link to Post #5
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,581
    Thanks
    30,501
    Thanked 138,435 times in 21,490 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    Here's a talk that Steve Gibson gave himself, a half year ago (Nov 2014), on SQL:
    My quite dormant website: pauljackson.us

  10. The Following 3 Users Say Thank You to ThePythonicCow For This Post:

    Bill Ryan (18th September 2021), Hervé (6th June 2015)

  11. Link to Post #6
    India Avalon Member Gurudatt's Avatar
    Join Date
    5th June 2015
    Location
    NA NANA
    Age
    54
    Posts
    133
    Thanks
    76
    Thanked 416 times in 106 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    Love and Peace
    Last edited by Gurudatt; 26th June 2015 at 13:24.

  12. The Following User Says Thank You to Gurudatt For This Post:

    Bill Ryan (18th September 2021)

  13. Link to Post #7
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,581
    Thanks
    30,501
    Thanked 138,435 times in 21,490 posts

    Default Re: SQRL: The end of web site passwords - in our lifetime

    testing 7 8 9



    === ===

    P.S. -- I couldn't use the Sandbox thread for this test, because I needed to post it in a sub-forum that was Guest accessible, so I chose some old, inactive, geeky thread, that I had created years ago. But it is a new and interesting Benjamin Fulford video, non the less.
    Last edited by ThePythonicCow; 18th September 2021 at 08:09.
    My quite dormant website: pauljackson.us

  14. The Following 5 Users Say Thank You to ThePythonicCow For This Post:

    Bill Ryan (18th September 2021), Ernie Nemeth (18th September 2021), gord (18th September 2021), Jayke (18th September 2021), mountain_jim (18th September 2021)

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts