- cross-posted to:
- cyberbezpieczenstwo@szmer.info
- cross-posted to:
- cyberbezpieczenstwo@szmer.info
SQRL is solving lot’s of these problems without needing to keep state (there is no per-site state) in sync: https://sqrl.grc.com/pages/what_is_sqrl/
This seems like it requires websites to allow using sqrl identities. Is that correct?
yes, they have to keep 2 more tokens (or so) and add support
I can’t find any technical information on that site. Just reading it makes it sound basically like an SSO solution except the third party is software you run or some cryptography instead of a third party. However I would like to read the technical details.
No, it does not require a login portal or so. All you need to do is to support it on the website and it requires client side software (e.g. Android application) but that does not require any data sync after it is set up. It does not replace SSO, just the use of password to log in.
To many technological illiterate people I have suggested using a password manager (bitwarden) but turns out they already have a password manager: Google. They have Chrome store and sync their passwords. Not sure if it allows generating strong passwords though.
I’m pretty sure that Chrome’s built-in password manager recommends random passwords for new sites.
Honestly I usually recommend the built-in password manager to people. That way they font need to set up anything new. Chrome’s isn’t great because it isn’t end-to-end encrypted but it is way better than not using one and works pretty seamlessly. Plus it also works on Android. Firefox’s password manager is fantastic but takes a little work to set up in Android.