Secure (QR) Login


szimszon

Oct 18, 2013, 8:53:54 AM
to web2py-d...@googlegroups.com
Hello All!

https://www.grc.com/sqrl/sqrl.htm

It's an interesting idea. What do you think?

"With Secure QR Login,  your phone snaps
the QR code displayed on a website's login
page . . . . and YOU are securely logged in. "

"
Wishing to login to an online service where an “SQRL” code appears nearby:
  • The user launches their smartphone's SQRL app, and lets it see the QR code.
    (Or a smartphone / tablet user taps it.  Or a laptop / desktop user clicks on it.)
  • For verification, the SQRL app displays the domain name contained in the SQRL code.
  • After verifying the domain, the user permits the SQRL app to authenticate their identity.
  • Leaving the login information blank, the user clicks the “Log in” button... and is logged in.
    (A bit of page automation could even eliminate the need to click the “Log in” button.)
"

Some implementations: https://www.grc.com/sqrl/implementations.htm
* drupal sandbox
* php server side implementation
* wordpress plugin
etc.

Niphlod

Oct 18, 2013, 3:06:01 PM
to web2py-d...@googlegroups.com
sounds good as a plugin, if you're willing to code it.

Jonathan Lundell

Oct 18, 2013, 9:09:57 PM
to web2py-d...@googlegroups.com
On 18 Oct 2013, at 12:06 PM, Niphlod <nip...@gmail.com> wrote:
> sounds good as a plugin, if you're willing to code it.

I think it's very, very promising. Needs to settle on a standard, though.

Massimo DiPierro

Oct 18, 2013, 9:14:11 PM
to web2py-d...@googlegroups.com
I like it. Definitely we should support it. Yet it assumes the users have a SQRL app so it is for intranet apps, not for public apps.

--
-- mail from:GoogleGroups "web2py-developers" mailing list
make speech: web2py-d...@googlegroups.com
unsubscribe: web2py-develop...@googlegroups.com
details : http://groups.google.com/group/web2py-developers
the project: http://code.google.com/p/web2py/
official : http://www.web2py.com/

Jonathan Lundell

Oct 18, 2013, 9:29:27 PM
to web2py-d...@googlegroups.com
On 18 Oct 2013, at 6:14 PM, Massimo DiPierro <massimo....@gmail.com> wrote:
> I like it. Definitely we should support it. Yet it assumes the users have a SQRL app so it is for intranet apps, not for public apps.

SQRL apps will be free (and mostly open source, it appears). No reason that I can see not to use it for public apps.

Walter Summonte

Nov 14, 2013, 2:29:29 AM
to web2py-d...@googlegroups.com
Hi all,
Really, I do not understand all this interest in an old idea just restyled using QRCode to pass input data.
The Challenge Response (http://tools.ietf.org/html/rfc6287) is standardized and gives the simplest way to implement this kind of security.
The trick to derive the url/pass/etc. by a resulting response ... it's just a smart way to use the same concept.
This solution is just a reinvented wheel (square, imho).

Using a simple Challenge/Response extension in Google Authenticator will give a simpler and better result.

Bye Walter

Jonathan Lundell

Nov 15, 2013, 2:48:45 PM
to web2py-d...@googlegroups.com
On 13 Nov 2013, at 11:29 PM, Walter Summonte <wal...@summonte.com> wrote:

> Hi all,
> Really, I do not understand all this interest in an old idea just restyled using QRCode to pass input data.
> The Challenge Response (http://tools.ietf.org/html/rfc6287) is standardized and gives the simplest way to implement this kind of security.
> The trick to derive the url/pass/etc. by a resulting response ... it's just a smart way to use the same concept.
> This solution is just a reinvented wheel (square, imho).
>
> Using a simple Challenge/Response extension in Google Authenticator will give a simpler and better result.

I think you might be missing the point of SQRL. OCRA requires a shared secret; SQRL does not.


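Added example, not part of the thread and not code from SQRL, OCRA or web2py: a simplified Go model of the distinction drawn in the last reply, where a shared-secret scheme leaves a usable credential on the server while a per-site key scheme leaves only a public key. The function names, the HMAC-SHA256 stand-in for OCRA, the HMAC(master, domain) key derivation, and the sample key, nonce and domains are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Shared-secret model (simplified stand-in for OCRA, not RFC 6287's exact
// computation): client and server both hold `secret`.
func sharedSecretResponse(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// The server verifies by recomputing, so its stored copy is a full credential.
func sharedSecretVerify(stored, challenge, resp []byte) bool {
	return hmac.Equal(sharedSecretResponse(stored, challenge), resp)
}

// Per-site key model (simplified SQRL-style derivation): one master key on the
// client, one Ed25519 key pair per domain, seeded by HMAC(master, domain).
func siteKey(master []byte, domain string) ed25519.PrivateKey {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(domain))
	return ed25519.NewKeyFromSeed(m.Sum(nil)) // HMAC-SHA256 output is 32 bytes
}

// loginAccepted: the server stores only the public key registered for
// registeredDomain; the client signs with the key for the domain it was shown.
func loginAccepted(master []byte, registeredDomain, shownDomain string, challenge []byte) bool {
	pub := siteKey(master, registeredDomain).Public().(ed25519.PublicKey)
	sig := ed25519.Sign(siteKey(master, shownDomain), challenge)
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	master := bytes.Repeat([]byte{0x42}, 32)  // constructed sample key
	nonce := []byte("constructed-nonce-0001") // constructed challenge
	resp := sharedSecretResponse(master, nonce)
	fmt.Println("shared secret verifies:", sharedSecretVerify(master, nonce, resp))
	fmt.Println("same domain:", loginAccepted(master, "example.com", "example.com", nonce))
	fmt.Println("other domain:", loginAccepted(master, "example.com", "example.org", nonce))
}
```

In the per-site model the server's stored value can check a signature but cannot produce one, and a key derived for one domain does not verify against the public key registered at another.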