I'm annoyed that Steve Gibson's SQRL zero-password login spec never took off, and honestly I blame him for creating the thing and basically abandoning it on day one. Tons of potential there, but...
I'm annoyed that Steve Gibson's SQRL zero-password login spec never took off, and honestly I blame him for creating the thing and basically abandoning it on day one. Tons of potential there, but it's like he got bored and went back to tinkering with SpinRite. I say that as a huge fan of his Security Now podcast for many years.
In the right hands, SQRL could've been a game-changer. Honestly it still could, if proper advocates took notice of it.
My favorite is when different interfaces to the same service accept different password lengths / restrictions. For instance: I cannot log into my Southwest account on my phone even when...
My favorite is when different interfaces to the same service accept different password lengths / restrictions.
For instance: I cannot log into my Southwest account on my phone even when copy-pasting the password from KeePass… the same password that works just fine on desktop.
I'm annoyed that Steve Gibson's SQRL zero-password login spec never took off, and honestly I blame him for creating the thing and basically abandoning it on day one. Tons of potential there, but it's like he got bored and went back to tinkering with SpinRite. I say that as a huge fan of his Security Now podcast for many years.
In the right hands, SQRL could've been a game-changer. Honestly it still could, if proper advocates took notice of it.
Some information about how to protect yourself from a SIM swap attack:
https://techgenix.com/sim-swapping-fraud/amp/
I don't mind passwords so long as sites don't have stupid restrictions on them like requiring special symbols or numbers.
I don't mind passwords so long as sites don't have silly restrictions on them like forbidding symbols.
Have you encountered anywhere that allows emoji in passwords?
I've always thought that would be a good way to add entropy.
What's stopping it from working generally beyond sites testing and rejecting it?
Also turns out Tildes does support it.
My favorite is when different interfaces to the same service accept different password lengths / restrictions.
For instance: I cannot log into my Southwest account on my phone even when copy-pasting the password from KeePass… the same password that works just fine on desktop.