SQRL "Show Off" Show

Steve had been saying for the longest time that once SQRL was done (which it now appears to be), he planned to come to Petaluma and do a show with Leo (and at the time he said Padre and Mike Elgin) to show off how it works, and to allow the hosts to try and “poke holes” in the system.

I can’t find this show in the archives anywhere. Was it released as a special instead? Or do we know when it is scheduled for?

I believe it was mentioned in the most recent Security Now (though that may have been pre/post show.) It’s scheduled for Nov, just before Leo returns.

1 Like

Thanks. I am a few episodes behind, which is why I was unaware.

I am excited for that show, and then for Steve to get SpinRite 6.1 out.

I was excited for SQRL when I thought it would take a year. Five years later, I am less excited that SQRL will make a dent because inertia seems really hard to overcome, and I REALLY wish SpinRite worked on any of my current hardware. (UEFI and USB3/4 support being key.)

My guess is Steve had no budgets, deadlines, or anything else, so he could work on it whenever he felt like, and could keep fiddling with it until he felt it was ‘perfect’. If SQRL would have been built by a corporation with budgets, deadlines and who had to answer to a board, I bet it would’ve been out in a year - and had major websites already ready to support it.

I think SQRL was a ‘hobby project’ for Steve. I have projects I’ve announced a long time ago, and am still working on for the same reasons.

Have you tried it yet? If you want to get some experience with it, come on over to the Xenforo forums at https://sqrl.grc.com/ where you can set up your account using SQRL. You may recognize my user ID over there too :wink:



I will say this in Steve’s defense: if a corporation developed SQRL, there would be far more time pressure for the project to make a profit, and there would be less attention paid to the security details. It definitely would have been nice if SQRL was completed sooner, but Steve also has other priorities, including working on SpinRite because that’s what people pay him for.

1 Like

Yes, I have tried it. I signed up for the GRC forum with it. It was…neat. Interesting idea, but the desktop software looks antiqued, and it has a long way to go for mainstream adoption I think.

If Steve could get it implemented into the major password managers - LastPass, 1Password, etc. it might help adoption quite a bit. But it’s a chicken and egg problem. He needs site to adopt it before password managers will look at it, but sites won’t integrate it until users are already using it.

Correct me if I am wrong, but wasn’t SpinRite work put on hold for SQRL?


Yeah, true. But that notwithstanding, the fact of the matter is that if SQRL was developed by a bigger company in order to speed its development along, the important security details would be a lower priority to the company. I wouldn’t want anyone but Steve working on SQRL. I wouldn’t trust any big tech company with something like SQRL.

Passwords have been around long before Steve started working on SQRL. If there is any inertia that is blocking widespread adoption of SQRL, that inertia has been around longer than SQRL has.

Good points. I wouldn’t trust a company like Google, Microsoft, Apple or Amazon, but I was more thinking an organization like Mozilla.

1 Like

A company like Mozilla might be able to pull off something like SQRL. They might be one of the only big organizations I would trust.

Mozilla would also be able to get it implemented into the browser natively, give it a better UI than the current SpinRite apps, and probably get a good number of big sites on board with it at launch too.

Yes, I didn’t intend to imply otherwise. But if the only place I care to use it is Steve’s forums, then it’s basically pointless as far as I am concerned. It NEEDS to be adopted at at least a few sites that are widely popular or it will likely just end up as a footnote in history.


I totally agree @PHolder. Steve has spent a lot of time creating GRC, and doing all the engineering work to make it secure and get it to where it is today.

The part he didn’t do well (yet) which I was hoping for, was to drum up support. Steve took what I would call the “developer’s approach”, or as one of my colleagues calls it - the “GITHub” approach. He put out a working code base and documentation, and hopes others see the benefit in it, and implement it in their own projects. There are lots of projects on GitHub that toil in obscurity for this reason.

Now that the engineering work is done, I think GRC needs go and pitch this software to major “partners” who might see the value in it, and implement it. If GRC can say “We have this new identity solution, and Twitter, PHPBB, WordPress, XENFORO, Discord, etc all have it implemented…” that’s a lot more compelling.

SQRL right now reminds me of OpenID (back in the day) in a lot of ways. It’s a ‘geek solution’ to the password problem, but at this point the implementation and use isn’t something the general public will be interested in.

TWiT show calendar says Saturday 30th November. I think Leo will be back by then.


These exist. The question is whether anyone of consequence uses those platforms.

Xenforo no, but WordPress yes.

Wut? Steve’s forums RUN on Xenforo.