That's also a nice protocol, but I think it requires too many extra things (mobi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

stavros on Feb 10, 2015 | parent | context | favorite | on: I Am Releasing Ten Million Passwords

That's also a nice protocol, but I think it requires too many extra things (mobile phone, net connection, etc). Plus, what if your key gets stolen?

function_seven on Feb 10, 2015 [–]

It doesn't require a mobile phone. A client on your desktop can handle the authentication.

There's also a mechanism[1] to change your master key should it become compromised. Looks like a huge drawback is that it requires you to store an offline "Identity Unlock Key" somewhere.

[1] https://www.grc.com/sqrl/idlock.htm

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact