We as a society need to have a conversation about passwords, and the urgent task of LEAVING THEM BEHIND.
They are barbarous relics of a bygone age. We have better technology. Free/libre, #opensource, peer-reviewed and community-beloved: #SQRL https://en.wikipedia.org/wiki/SQRL
The only problem is, #GAFAM doesn't like the fact that it makes #surveillance harder.
#opensource #sqrl #gafam #surveillance
Making headway. Couple days turned into a week. How'd that happen.
Oh right, maybe the scrapping-everything-several-times had a part in that.
But another couple days and we'll have a teaser, SURELY.
#animation #blender #blender3d #squirrel #sqrl
Starting a "video-game" "project". Here's a still that I'll be animating the next couple days for a little teaser sort of thing.
After that I'll be diving in Unity and either sink or swim :)
Security folks - is there a reason https://en.wikipedia.org/wiki/SQRL?wprov=sfti1 isn't more widely considered by companies? Why keep using username / password methodology which we know will fail and on top we force users to rotate BECAUSE we know it fails. #lastpass #sqrl. We eventually switched to https why not tack on a better authentication experience…
@sweis from what I've heard on SecurityNow, there's a HUGE drawback... dependency on a provider and they are non-interoperable. Sure there's a standard, but you can't move your account, so you're locked into either Apple or Google, or worse, both at the same time and you have to trust them.
As odd a duck as #SQRL is, it sounds like a much better system and what FIDO was originally trying to be, when they gave up on forcing the use of physical tokens.
Cc: @leo
@hexorg Take a look at how SQRL does this, deriving secret information per site in a similar manner, but allows for master password change and password rotation per site too. Extremely clever and hits all the edge cases. Extremely well documented and working code exists. #SQRL #infosec
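The property described in that post (per-site secrets derived from one identity key, with a master password change that leaves every per-site key unchanged) as an added example. This is constructed demo code, not SQRL's reference implementation: it keeps SQRL's HMAC-SHA256(identity key, domain) derivation but replaces EnScrypt with PBKDF2 and AES-GCM wrapping with an XOR-plus-HMAC wrap.

```python
import hashlib
import hmac
import os

# Added example (not SQRL's own code). A random identity master key (IMK) is the
# root; each site's key is HMAC-SHA256(IMK, domain). The password never feeds
# into the IMK, it only unlocks a wrapped copy, so a password change re-wraps
# the IMK and no per-site key moves. Simplifications: PBKDF2 stands in for
# EnScrypt, and "PBKDF2 key XOR IMK" plus an HMAC tag stands in for AES-GCM.

def derive_wrapping_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 32-byte wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

def wrap_imk(imk: bytes, password: str) -> dict:
    """Encrypt the IMK under the password and tag it so a wrong password is detected."""
    salt = os.urandom(16)
    key = derive_wrapping_key(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(imk, key))
    tag = hmac.new(key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_imk(blob: dict, password: str) -> bytes:
    """Recover the IMK; raise ValueError on a wrong password or a tampered blob."""
    key = derive_wrapping_key(password, blob["salt"])
    expected = hmac.new(key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or corrupted identity blob")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], key))

def per_site_key(imk: bytes, domain: str) -> bytes:
    """Site-specific secret: HMAC-SHA256 keyed with the IMK over the domain name."""
    return hmac.new(imk, domain.encode(), hashlib.sha256).digest()

def change_password(blob: dict, old_password: str, new_password: str) -> dict:
    """Re-wrap the same IMK under a new password; per-site keys are unaffected."""
    return wrap_imk(unwrap_imk(blob, old_password), new_password)

def password_unlocks(blob: dict, password: str) -> bool:
    """True if the password opens the blob, False otherwise (no exception)."""
    try:
        unwrap_imk(blob, password)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    imk = os.urandom(32)
    old_blob = wrap_imk(imk, "old-passphrase")
    new_blob = change_password(old_blob, "old-passphrase", "new-passphrase")
    same = per_site_key(unwrap_imk(new_blob, "new-passphrase"), "example.com") == per_site_key(imk, "example.com")
    print("per-site key unchanged after password change:", same)
```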
@hacks4pancakes #SQRL #infosec
Please, this problem is solved - let's just all use SQRL !!!
@seb #SQRL also derives passwords from a master key https://en.wikipedia.org/wiki/SQRL
@sjanes @pcrock I had forgotten about #sqrl and have been waiting for #webauthn to gain traction. Given the heavy weights behind webauthn that seems like the standard that has a better chance, for better or worse. Recovery will always remain a challenge for the general user. Either way, I hope we get something better than passwords soon (though I've been very happy with #bitwarden_rs in the meantime).
I really like the idea of #sqrl. Seems like a promising way of eliminating usernames / passwords, protecting privacy, making life easier for users, and doing so with a relatively simple open standard.
Initial setup might need some improvement before it could gain widespread adoption (on the Android app at least), but at first glance, this seems legit.
https://medium.com/swlh/what-is-secure-remote-password-srp-protocol-and-how-to-use-it-70e415b94a76
Different but principle looks like https://www.grc.com/sqrl/sqrl.htm #security #password #SQRL #SRP
#security #password #sqrl #srp
So as a follow up to anyone that's interested, I've had some feedback from Karol Babioch (@kbabioch) author of https://docplayer.net/53523762-Fakultat-fur-informatik-security-analysis-and-implementation-of-the-sqrl-authentication-scheme.html (thanks @erAck for sharing) who also worked with the SQRL team.
In short, #SQRL sounded cool when it was conceived 5 years ago, but it never lifted off. Nowadays, there are more mature standards backed by bigger companies to achieve strong lone factor authentication.
So take a look at #FIDO (https://fidoalliance.org/about/what-is-fido/), and related #U2F and #WebAuthn.
From that thesis (I have yet to finish it), there's a link to the open newsgroup where people interested in #sqrl can and have been discussing. Although it's hosted by Gibson Research, the discussions here could be proof of good will.