G+_Damian Mongru
Posted April 11, 2015

I know people will shout 'SQRL' or biometrics, but in the meantime here is Snowden's take on passwords.

G+_Mike Trieu (MegasChara)
Posted April 11, 2015

Hadn't heard of SQRL before, but now that I've researched it, it sounds just like SuperGenPass, but now vulnerable to XSS, much like the original SGP bookmarklet. More browsers, OSes, and people should adopt U2F/UAF in general. It's agnostic to the user-facing authN mechanism (Yubikey, fingerprint, iris, OTP, etc.).

G+_Scott Sander
Posted April 11, 2015

SQRL shows a lot of promise. One of the primary guys that developed FIDO said that SQRL was the most well thought out authentication scheme he's ever seen, even including his own FIDO. That said, it's very new and isn't really used anywhere yet and it remains to be seen if it will survive attempts to exploit unforeseen vulnerabilities.

In the meantime, I use 2FA anywhere I can and use KeePass to store my crazy-long passwords for sites (a different one for each site). I also try to use the high ASCII characters on sites that support them.