
SQRL: Secure Quick Reliable Login - johndcook
https://www.grc.com/sqrl/sqrl.htm
======
billyhoffman
[sigh]

Steve Gibson, the man who claimed Windows raw sockets would destroy the
internet and doesn’t understand how SYN cookies can stop DoS attacks, has a
solution for all my authentication and authorization needs? Well hot damn, let
me click past his impassioned plea that the world needs hand coded x86
assembly disk utilities in 2019, and see what he has to say...

...And 2 pages into the PDF I’m out.

The sole thing keeping Steve Gibson from being this week’s Dunning-Kruger
poster boy of technical security bullshit is that someone decided to sue
Blackhat after claiming numerology breaks modern crypto.

Snark and bitterness aside, please stop giving this man a platform. It’s hard
enough getting organizations to make rational cost-benefit-analysis-based
security decisions. His noise is making things worse.

------
Hnrobert42
Good lord. That page is like something out of the late 1800s. I expect some
guy with a tophat and a waxed mustache to pop up saying “What you got here is
a bonafied, superfied, securitized login experience.”

SQRL may be great, but presentation counts. Presenting documentation as giant
PDFs with no internal linking?

But I really got turned off when I read that it only does single-factor login.

~~~
jjeaff
Wouldn't it be dual factor by default? You need your device with SQRL and you
need a password to use SQRL.

So it's something you know and something you have.

------
function_seven
So I’ve been listening to Security Now for years, and SQRL has been something
I’ve followed along with. But I never see it discussed elsewhere.

Is there some fatal flaw with Steve’s idea? It sounds great to me, but I’m no
cryptographer.

