Talk:SQRL

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Morphh (talk | contribs) at 22:21, 3 November 2013 (Limitations: wrong box). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject Computing: Unassessed, Low-importance
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has not yet received a rating on Wikipedia's content assessment scale.
This article has been rated as Low-importance on the project's importance scale.

More headings; First Article

Hi, this is my first new article. There is scope for several bullet points between "Motivation" and "Example use case" for more information about the workings of the protocol. Dagelf (talk) 13:09, 15 October 2013 (UTC)

Limitations

This was added to the article:

Much like the more conventional username-and-password solution, SQRL authentication is potentially vulnerable to a Man-in-the-middle attack (aka "phishing"). Unlike usernames and passwords, SQRL limits the scope of the breach insomuch as the attacker only gains one authenticated session, rather than an unlimited number of future sessions and furthermore removes the possibility for the attacker to change the password (effectively locking out the user indefinitely).

I'd like to see some source for this as it seems to be based on old information and doesn't adequately describe the phishing protections it does have, unlike any other authentication. https://www.grc.com/sqrl/phishing.htm Also, to call it a limitation is to suggest that authentication "should" protect against this, which no other authentication does. An opinion shouldn't be presented in a section title. It would be more appropriate to call the phishing protections an advantage over every other authentication method. A limitation is to suggest other methods can do this, but this one can't. Morphh (talk) 22:20, 3 November 2013 (UTC)