- From: Matt Morgan <matt@concretecomputing.com>
- Date: Wed, 16 Oct 2013 08:32:26 -0400
- To: public-webpayments@w3.org

I'll gladly make fun of QR codes as much as anyone, but the reason they deserve derision is mainly that they're so poorly used. Like ads with QR codes on the subway, where one has no connection to the URL they link to. Brilliant. On the other hand if there was ever a good use for them, we shouldn't dismiss that smart use just because all the other uses were so lame.

The thing is, SQRL is not as great an idea as it sounds at first. There's a really good discussion on it at StackExchange:

http://security.stackexchange.com/questions/43374/could-sqrl-really-be-as-secure-as-they-say

Check out, in particular, the first two high-rated answers. The answer from user tyleri I think is especially useful; the main point being that compared to proper use of keepass or lastpass, for example, SQRL differs mainly in that your entire online identity is kept on your smartphone, which can easily get lost or stolen. It's harder for someone to get full control over your keepass db, especially if you keep it in a dropbox folder or something like that.

On the other hand, the arguments in favor of SQRL are more along the lines of "how many people are actually capable of using keepass properly? Isn't SQRL more likely to be used by more people?" And the counter-argument to that is "OK, but if we're talking about people who don't understand how it works, they'll be more susceptible to MITM attacks and social engineering."

Basically, it's one of those ideas that sounds good until you stress-test it.

Best,
Matt

On 10/16/2013 04:24 AM, Jason Grant wrote:
> I agree on technophilic fad, and as a UX person I talk customers out of
> QR codes whenever they suggest it. There is even a UX Tumblr feed
> called 'Pictures of people scanning QR codes' with nothing on it as
> set up to make a point that no one 'normal' understands or cares about
> these things.
> http://picturesofpeoplescanningqrcodes.tumblr.com/
>
> On Tue, Oct 15, 2013 at 7:33 PM, Kumar McMillan <kmcmillan@mozilla.com> wrote:
>
> On Oct 14, 2013, at 4:05 PM, Jeffrey Cliff <jeffrey.cliff@gmail.com> wrote:
>
>> http://www.reddit.com/r/Bitcoin/comments/1oe8wg/sqrl_revolutionizes_web_site_login/
>>
>> With all the talk about authentication and identity, is there any
>> value in looking at what SQRL is doing for these purposes? It
>> seems relevant.
>
> This concept of federated login whereby the user grants access to
> each site is nearly identical to Mozilla Persona:
> http://www.mozilla.org/en-US/persona/ The difference with Persona
> is that you'd only have to click a "sign in" button instead of
> take a picture of a QR code with your phone. You won't have to
> re-enter your login details after the first login with Persona,
> you just review the requesting site's info and grant access.
>
>> --
>> GENERATION 26: The first time you see this, copy it into your sig
>> on any forum and add 1 to the generation
>
> --
> Jason Grant BSc [Hons], MSc [Hons]
> Customer Experience Architect & CEO
> Flexewebs Ltd.
>
> www.flexewebs.com
> jason@flexewebs.com
> +44 (0)7748 591 770
>
> www.linkedin.com/in/flexewebs
> www.twitter.com/flexewebs

Received on Wednesday, 16 October 2013 12:32:57 UTC