Talk:SQRL
More headings; First Article
Hi, this is my first new article. There is scope for several bullet points between "Motivation" and "Example use case" for more information about the workings of the protocol. Dagelf (talk) 13:09, 15 October 2013 (UTC)
Limitations
This was added to the article:
Much like the more conventional username-and-password solution, SQRL authentication is potentially vulnerable to a Man-in-the-middle attack (aka "phishing"). Unlike usernames and passwords, SQRL limits the scope of the breach insomuch as the attacker only gains one authenticated session, rather than an unlimited number of future sessions and furthermore removes the possibility for the attacker to change the password (effectively locking out the user indefinitely).
- I'd like to see some source for this as it seems to be based on old information and doesn't adequately describe the phishing protections it does have, unlike any other authentication. https://www.grc.com/sqrl/phishing.htm Also, to call it a limitation is to suggest that authentication "should" protect against this, which no other authentication does. An opinion shouldn't be presented in a section title. It would be more appropriate to call the phishing protections an advantage over every other authentication method. A limitation is to suggest other methods can do this, but this one can't. Morphh (talk) 22:20, 3 November 2013 (UTC)