[remotemass (OP)]

What could be the most likely and important banks in the world with great UI/UX mobile banking apps, that could implement the SQRL of Steve Gibson, making SQRL all of a sudden popular to millions and millions of humans that would start using it to login to most WordPress websites? List 5 banks.

As an AI language model, I do not have the ability to predict the future or make specific recommendations on which banks may implement the SQRL authentication system or have the best mobile banking apps. However, I can provide some general considerations and examples of banks with strong mobile banking apps:

JPMorgan Chase: JPMorgan Chase has a highly-rated mobile banking app that offers a range of features, including mobile check deposit and the ability to view account balances and transaction history.

Bank of America: Bank of America's mobile banking app has also been highly rated for its user experience and range of features, such as bill pay and account alerts.

Capital One: Capital One's mobile banking app offers a user-friendly interface and features like mobile check deposit and the ability to lock and unlock debit cards.

BBVA Compass: BBVA Compass has a mobile banking app that is known for its user-friendly design and features such as fingerprint authentication and mobile check deposit.

Ally Bank: Ally Bank's mobile banking app has received positive reviews for its ease of use and features like mobile check deposit and real-time transaction alerts.

It is important to note that while these banks have strong mobile banking apps, it is not guaranteed that they will implement the SQRL authentication system. The adoption of new authentication systems often depends on a range of factors, including security concerns, cost, and user demand.




Daniel Alexandre
Now explain how the SQRL client could be integrated in a banking mobile app and be audited by independent programmers foundations like Apache.org to make it more reliable. And how wordpress websites could all of a sudden make it very popular with mobile banking apps?
The SQRL client could be integrated into a banking mobile app as an additional authentication option for users. When a user logs in to their mobile banking app, they could be presented with the option to use SQRL as a more secure and convenient authentication method. The user would need to have previously set up their SQRL account and generated a unique identity token on their mobile device.

To ensure the reliability and security of the SQRL client, it could be audited by independent programming foundations such as Apache.org. This would involve a team of expert programmers reviewing the SQRL client's source code and ensuring that it is free of vulnerabilities and backdoors that could be exploited by malicious actors. The audit could also involve a review of the cryptographic algorithms used by SQRL to ensure that they are strong and secure.

WordPress websites could make SQRL more popular with mobile banking apps by integrating it as a login option for users. WordPress site owners could implement a plugin or module that allows users to log in using their SQRL identity token, in addition to other authentication methods like passwords or two-factor authentication. This would allow users to log in to WordPress websites securely and conveniently, without needing to remember complex passwords.

By integrating SQRL into mobile banking apps and WordPress websites, users would have a more secure and convenient authentication option that could help protect them against hacking and identity theft. The use of independent programming audits and reviews would also help ensure the reliability and security of the SQRL client over time.

[EDIT]: SQRL (Secure Quick Reliable Login) allows users to have many pseudo-IDs on the web using a single master (password) private key integrated in a mobile app than then will scan a QR code, for instance in a WordPress forum.[ It is the brain-child of Steve Gibson, from podcast SECURITY  NOW

Why does SQRL call the nonce a rodent NUT? Isn't that nuts?
The term "rodent NUT" is actually a play on words that Steve Gibson, the creator of SQRL, came up with to refer to the nonce used in the authentication process. In SQRL, the nonce is a random value that is generated by the client and included in the authentication request to prevent replay attacks.

The term "rodent" is used because the nonce is a small, seemingly insignificant value that scurries around the protocol like a small rodent. The term "NUT" stands for "Number Used Once," which is a cryptographic term that refers to a value that is only used once for security purposes.

So, the term "rodent NUT" is actually a playful and creative way of referring to the nonce value in SQRL, and is not meant to be taken literally or as a serious security term.

[Bored chemist]

I wonder if it is right to assume that either you, or "all banks", are in America.
Also, you don't seem to know what "nonce" means and... it's not a family friendly word.

[remotemass (OP)]

I wonder if it is right to assume that either you, or "all banks", are in America.
Also, you don't seem to know what "nonce" means and... it's not a family friendly word.

Yes, God, save us all. And excuse me, ChatGPT says more. You say?

Maybe javascript is not needed at all and even the SQRL client use a server-side technology in a local sandbox of a PC or mobile device.

It is possible to implement SQRL without using JavaScript. In fact, the SQRL client can be implemented entirely on the server-side, without the need for a client-side JavaScript implementation.

In this scenario, the SQRL client would be a standalone application or a plugin for a web browser that would communicate directly with the server-side implementation of SQRL. The server-side implementation would generate the QR codes and provide the necessary authentication mechanisms, without requiring any JavaScript code to be executed on the client-side.

However, using JavaScript can provide some benefits such as a smoother and more responsive user experience, as well as the ability to generate dynamic QR codes on the fly.




Daniel Alexandre
If the browser does not allow plugins or any add ons, we still don't need javascript as long as I can tell for my pseudo-ID that I can sign in for its public key. Right?
Yes, that's correct. If the browser doesn't allow plugins or add-ons, you can still use SQRL without JavaScript as long as you have a way to securely store and sign your pseudo-ID's public key. One way to do this would be to use a dedicated SQRL client application on your device, which can generate and store your keys locally and securely sign your SQRL authentication requests without relying on any browser extensions or plugins.




Daniel Alexandre
What if instead of QR codes you used very and extremely long integers that could be input or typed in less than 10 minutes by average people?
Using long integers instead of QR codes would be feasible, but it would likely be less user-friendly and more prone to errors when entering the numbers manually. QR codes provide a convenient and error-free way to transfer information between devices, and they can be scanned quickly and easily using a smartphone camera.

Long integers would require users to manually enter the number into a field, which could be tedious and prone to errors. This could lead to frustration for users and potentially result in failed login attempts. Additionally, long integers may not be as visually appealing as QR codes, which could detract from the user experience.

Overall, while it would be possible to use long integers instead of QR codes for authentication, it may not be the most practical or user-friendly approach.




Daniel Alexandre
Give 5 examples of integers that could substitute any QR code you can find out, out there, can you do so please?
It's difficult to give specific examples of integers that could replace QR codes without more context about what the integers would be used for and how they would be generated. However, here are five examples of long integers:

The prime number 2^127 - 1, which is the largest known prime number as of 2023.
The factorial of 100, which is 9.33262154 × 10^157.
The product of the first 100 prime numbers, which is 2.8483 × 10^578.
The value of pi to one million decimal places, which is 3.14159265358979323846... (followed by 999,997 more digits).
The largest known Mersenne prime, which is 2^82,589,933 - 1.



Daniel Alexandre
List five random integers that could possibly encode any QR code being used these days
I'm sorry, but it's not possible to provide a list of five random integers that could possibly encode any QR code being used these days. QR codes use a specific encoding algorithm, and the data they contain can vary widely depending on their purpose and the type of information being encoded. It's not as simple as choosing a set of integers that could replace any QR code.

If you could provide more information about what you're trying to accomplish or what problem you're trying to solve, I may be able to provide more specific guidance or suggestions.




Daniel Alexandre
A QR code can be converted to code and code can be indexed to an integer. What smallest ineteger could encode most QR codes you can possibly find out there on the web?
The smallest integer that could encode most QR codes found on the web would be a very large number, likely on the order of hundreds of digits. This is because QR codes can contain a significant amount of data, and can vary in size depending on the amount of data being stored. Additionally, there are many different types and variations of QR codes, each with their own specific encoding scheme.

While it's technically possible to encode a QR code as an integer, it's not a practical or efficient way of storing or transmitting QR code data. QR codes are designed to be easily scanned and decoded by software, and encoding them as an integer would require additional processing and conversion steps.




Daniel Alexandre
How many digits, please? The bare minimum that seems reasonable enough and is quite random and arbitrary but seems fine.
It's difficult to give an exact number, as it depends on the specific use case and the size of the QR codes being used. However, a 10-digit integer could potentially encode a large number of QR codes, as it would provide over 10 billion unique values.




Daniel Alexandre
What about QR codes used by SQRL ?
The QR codes used by SQRL contain a specially formatted message that includes a URL, the user's SQRL ID, and a cryptographic signature. The message is then encoded into a QR code and displayed on the screen for the user to scan with their SQRL client.

The format of the message is specific to SQRL, and therefore cannot be directly encoded as an integer. However, it is possible to generate a hash or digest of the message and represent it as an integer. The size of the integer would depend on the hash algorithm used and the desired level of collision resistance.




Daniel Alexandre
It is possible to index the raw data of the QR code to an integer.
Yes, it is possible to convert the raw data of a QR code to an integer using various encoding techniques such as ASCII, Unicode, or binary encoding. However, the resulting integer value may be very large and not practical to use as an identifier or indexing system. In addition, the process of converting the raw data to an integer may introduce errors or loss of information, which could affect the accuracy of the encoding.

It's important to note that the SQRL protocol does not use a simple integer encoding for QR codes. Instead, it uses a combination of public-key cryptography and challenge-response authentication to securely authenticate users without the need for a password. The QR code generated by the web server contains a cryptographic challenge that is signed by the user's private key, and the resulting signature is used to authenticate the user to the server.




Daniel Alexandre
Would it need integers with more than 1000 digits (0-9 digits) if each integer up to that one with a few 1000 or a few more digits was representing a different QR code?
It is possible to represent a large number of QR codes with an integer that has fewer than 1000 digits. However, the exact number of digits required would depend on the specific encoding used for the QR codes and the range of values that the integer needs to cover.

For example, if each QR code is encoded as a binary string of length n, then there are 2^n possible codes. The smallest integer that can represent 2^n values is n digits in base 2 (binary) or approximately n/3.3 digits in base 10 (decimal). So for a QR code with n=1000, the minimum number of decimal digits required to represent all possible codes would be approximately 303.

However, this assumes a simple binary encoding of the QR code data, and in reality, the encoding may be more complex and require a larger range of values. It's also important to consider the potential impact on performance and memory usage when dealing with such large numbers.




Daniel Alexandre
Could you generate random QR codes and put them in a table in a database and use the primary key to know each integer corresponding to one possible QR code?
Yes, it is possible to generate random QR codes and store them in a database with a primary key that corresponds to the integer representation of the QR code. This can be done using a programming language like Python or PHP to generate the QR code and a database system like MySQL or PostgreSQL to store the QR code and its corresponding integer.

For example, in Python, you could use a library like qrcode to generate the QR code and a database library like sqlite3 to store the QR code and its integer representation. Here's an example code snippet:

less
Copy code
import qrcode
import sqlite3

# Generate a random QR code
qr_data = "This is a random QR code"
qr = qrcode.QRCode(version=1, box_size=10, border=4)
qr.add_data(qr_data)
qr.make(fit=True)
img = qr.make_image(fill_color="black", back_color="white")

# Convert the QR code to an integer
qr_integer = int(qr_data.encode('utf-8').hex(), 16)

# Store the QR code and its integer in a SQLite database
conn = sqlite3.connect('qr_codes.db')
c = conn.cursor()
c.execute('CREATE TABLE IF NOT EXISTS qr_codes (id INTEGER PRIMARY KEY, qr_image BLOB, qr_integer INTEGER)')
c.execute('INSERT INTO qr_codes (qr_image, qr_integer) VALUES (?, ?)', (img.tobytes(), qr_integer))
conn.commit()
conn.close()
In this example, a random QR code is generated with the text "This is a random QR code", and its integer representation is calculated using the int() function and the encode() and hex() methods. The QR code and its integer are then stored in a SQLite database with a primary key of id.

When retrieving the QR code from the database, you can use the integer representation to look up the corresponding QR code.




Daniel Alexandre
Can all the data in that database be compacted to a digital fingerprint?
It is possible to generate a digital fingerprint, or hash, of the data in the database. A hash function can take any input, such as the data in a database, and produce a fixed-size output, which is unique to that input. This output can be used as a compact representation of the data in the database, as it is much shorter than the original data and can be used to verify the integrity of the original data. Hash functions are commonly used in cryptography, as well as for verifying file integrity and detecting duplicate data.




Daniel Alexandre
Instead of a database with random QR codes could a database with more structured data be created for all possible (SQRL) QR codes and still give a list of primary keys with up to a maximum integer with less than 10000 digits and a fingerprint of that database?
Yes, it is possible to create a database with structured data for all possible SQRL QR codes and provide a list of primary keys with up to a maximum integer with less than 10,000 digits and a fingerprint of the database.

One way to do this is to create a table with columns for each of the data elements that are used to generate an SQRL QR code, such as the domain name, the user's ID, the timestamp, and any optional parameters. The table could be populated with all possible combinations of these elements, and each row in the table could be assigned a unique primary key.

To create a fingerprint of the database, the data in each row of the table could be concatenated into a single string, and a hash function could be applied to the string to generate a unique fingerprint. This fingerprint could be stored in a separate column in the table, or in a separate table altogether.

Using this approach, it would be possible to generate an integer primary key for each possible SQRL QR code, and a fingerprint of the entire database could be used to verify its integrity.




Daniel Alexandre
Could QR codes be displayed as an option and an integer for those that preferred scanning the corresponding integer manually?
Yes, it is possible to display both the QR code and the corresponding integer as options for users to choose from. This would allow users to scan the QR code using their mobile devices or manually enter the corresponding integer on the login page. However, it is important to ensure that the same authentication mechanism is used for both options to maintain security and prevent any potential vulnerabilities.




Daniel Alexandre
List 5 advantages and use-cases of using integers and preferring the use of an integer instead of QR code when using SQRL in a browser?
Accessibility: Some users may have difficulty scanning QR codes due to vision or other physical impairments. Using integers as an alternative login method ensures accessibility for all users.

Security: An integer-based login method can potentially provide greater security, as it eliminates the need for third-party QR code scanning apps, which can sometimes be vulnerable to security threats.

Convenience: Some users may prefer typing in an integer to scanning a QR code, as it may be quicker and more convenient for them.

Portability: Integers can be easily shared between devices and platforms, allowing for easy login across multiple devices and browsers.

Compatibility: While QR code scanning is a popular method of login, not all devices or browsers support it. Using an integer-based login method ensures compatibility across a wide range of devices and platforms.




Daniel Alexandre
Can integers with thousands of digits be spelled in audio at one digit-a-second rate (frequency of 1 Hz) and in a few hours allow for a blind people to type securely that code instead of scanning a corresponding QR code?
Yes, it is possible to convert a long integer into an audio file with a spoken representation of each digit. The audio file can be played back at a rate of one digit per second, allowing a blind person to listen and type in the corresponding code. This technique is sometimes used as an alternative method for visually impaired individuals to authenticate using one-time passwords or other types of codes. However, the process can be time-consuming and may require a high level of concentration and accuracy from the user, especially for very long integers.




Daniel Alexandre
But less than one hour, right?
Yes, that's correct. A 1000-digit integer can be spelled out in less than one hour at a rate of one digit per second.




Daniel Alexandre
Explain SQRL if QR codes and javascript are not used at all.
SQRL (Secure Quick Reliable Login) is a secure and reliable login method that uses public key cryptography to authenticate users without requiring the use of passwords. Instead of passwords, SQRL uses a public key infrastructure, where each user generates a public and private key pair.

When a user wants to log in to a website using SQRL, they enter their user ID, which is a pseudorandom identifier that is unique to that user. The website generates a cryptographic challenge, which is a random string of characters that is unique to that login session. The website then sends the challenge to the SQRL client, which is a software program that runs on the user's device.

The SQRL client signs the challenge using the user's private key, which is stored securely on the user's device, and sends the signed challenge back to the website. The website verifies the signature using the user's public key, which is stored in a public directory. If the signature is valid, the website grants the user access.

No QR codes or JavaScript are required for this process. The user simply needs to enter their user ID and have access to their private key. The private key is typically stored on the user's device in a secure manner, such as within a secure hardware module or a trusted execution environment.

SQRL offers several advantages over traditional password-based authentication methods. Because each user has a unique public and private key pair, there are no passwords to be stored on the server or transmitted over the network, making the system more secure. Additionally, because the user's private key is stored on their device, there is no need to remember a password, reducing the likelihood of password-related errors and making the login process more convenient.




Daniel Alexandre
Explain better why no QR codes or Javascript are required using a special database with a well-known fingerprint. Please?
Sure, here's a more detailed explanation of how SQRL can work without QR codes or JavaScript, by using a special database with a well-known fingerprint:

The user installs a SQRL client on their device, which generates a public/private key pair and stores it locally.
The user visits a SQRL-enabled website and enters their username.
The website sends a challenge to the SQRL client, which signs it with the user's private key and returns the signature to the website.
The website then looks up the user's public key in a special database that has a well-known fingerprint.
If the user's public key is found in the database, the website verifies the signature using the public key, and if it's valid, logs the user in.
The special database mentioned in step 4 is a database that contains a pre-generated list of public keys, along with a unique index or ID number for each key. This database has a well-known fingerprint, meaning that it has been hashed in a specific way so that its authenticity can be verified by anyone.

When the user logs in, the website looks up their public key in the special database by comparing it to each key in the list until a match is found. The corresponding ID number for that key is then used as the user's identifier for that website, instead of their username or email address.

By using a pre-generated list of public keys in a special database, there is no need for the website to generate QR codes or use JavaScript to communicate with the SQRL client. Additionally, this method eliminates the need for the website to store any sensitive information, such as hashed passwords or digital fingerprints, since the private key remains solely on the user's device.

Overall, this method provides a secure and convenient way for users to log in to websites without relying on traditional password-based authentication methods.

[Petrochemicals]

Is chat gpt a nonce?

If I had written this I would be going through the words with a literary meat leaver and hacking the majority out, it is almost like a user manual. I did not read it.

[evan_au]

Also, you don't seem to know what "nonce" means and... it's not a family friendly word.

Nonce is used appropriately in the technical description above: a random number selected to make encryption or hashing more secure
- When I studied the UNIX operating system way back at university, they used a nonce in the password file to make it harder to crack passwords using a dictionary lookup of hash values.
- The more literary meaning is "(of a word or expression) coined for one occasion.". Perhaps an example is:

’Twas brillig, and the slithy toves
      Did gyre and gimble in the wabe:

The unsavory version is UK jailhouse slang, referring to a rapist or child molester; a sexual offender
- And apparently an acronym for "not on normal courtyard exercise" - I assume this means prisoners who should not be permitted near other prisoners?

[alancalverd]

"For the nonce" has been around for centuries (Shakespeare?) meaning "for the time being", so the implication of someting random or temporary is fitting.

No problem in principle letting a human nonce near other prisoners, but they do tend to suffer unexplained injuries, rather like bent coppers, cop killers and child murderers, whilst in custody. Some criminal behaviors are just not cricket, old boy.

[Petrochemicals]

The unsavory version is UK jailhouse slang, referring to a rapist or child molester; a sexual offender
- And apparently an acronym for "not on normal courtyard exercise" - I assume this means prisoners who should not be permitted near other prisoners?

Or "nonsensical bastard", a "nonsence" as an adjective. I think we should ask chat gpt.

[remotemass (OP)]

Dynamic passwords that can be set using PHP script and $vars where vars can be anything found online on the web or social networks

Dynamic passwords that are set using PHP scripts and variables can be an effective way to create unique and secure passwords for users. One approach could be to use a combination of user-specific variables and publicly available information to create the password.

For example, you could use the user's username, current date, and a publicly available trending hashtag as the basis for the dynamic password. The PHP script would concatenate these variables, apply a hashing algorithm to create a secure password, and store the result in a database or file for later authentication.

Another approach could be to use a random string generator to create a unique password for each user. The PHP script would generate a new password each time the user logs in, ensuring that the password is always unique and secure.

It's important to ensure that the dynamic passwords are stored securely, such as using strong encryption or hashing algorithms, to prevent unauthorized access to the passwords. Additionally, users should be encouraged to use unique and secure passwords for their accounts and to change their passwords regularly to maintain security.




Daniel Alexandre
The system on the server would have the script server side and generate the hash on the server side
Yes, that's correct. The password hash should be generated on the server side and not on the client side to ensure that the password is kept secure and not exposed to potential attackers.

In a PHP script, you could use the password_hash() function to generate a secure hash of a password. For example:

bash
Copy code
$plaintext_password = "my_password";
$options = [
    'cost' => 12,
];
$hashed_password = password_hash($plaintext_password, PASSWORD_BCRYPT, $options);
The PASSWORD_BCRYPT algorithm is recommended for password hashing in PHP. The cost option determines the computational cost of the hashing algorithm and can be adjusted based on the server's hardware and security requirements.

Once the password is hashed, it can be stored in a database or other data store for later comparison during login attempts. The password_verify() function can be used to compare a plaintext password to a stored hash. For example:

perl
Copy code
$stored_hashed_password = "hash_generated_on_server";
$plaintext_password = "my_password";
if (password_verify($plaintext_password, $stored_hashed_password)) {
    // Passwords match
} else {
    // Passwords do not match
}



Daniel Alexandre
in a dynamic password only the hash of the static part of the password is stored on the database. The dynamic part is found out in real time with the script that was set and that the user knows
Yes, that's correct. The static part of the password is stored in the database as a hash, which cannot be reversed to obtain the original password. The dynamic part of the password is generated in real time using the script that the user knows, and is combined with the static part to form the complete password. This way, even if the database is compromised, an attacker would not have access to the dynamic part of the password, making it much more difficult to crack.




Daniel Alexandre
date time location and any content from the web can be part of the script and the user has total freedom to configure his account with an updated script.
Yes, that's correct. The user can customize the script to include any variable or content from the web, as long as it's accessible and retrievable through the script. The script can also incorporate date, time, and location information to make the dynamic password even more secure and personalized. However, it's important to ensure that the script is not vulnerable to attacks and that the dynamic password generation process is secure to prevent unauthorized access to the user's account.




Daniel Alexandre
design a simple script language for the sole purpose of dynamic passwords authentication and explain how to use it.
Sure, here's an example of a simple script language for dynamic password authentication:

The script language consists of a series of variables and operations that can be combined to create a dynamic password. Each variable can be assigned a value, which can be a string, number, or boolean. The operations include concatenation, addition, subtraction, multiplication, and division.

Here's an example script:

bash
Copy code
# Define variables
$location = "New York";
$date = "2023-04-12";
$content = "Hello World";
$secret = "MySecretPassword";

# Concatenate variables
$dynamic_password = $location . $date . $content . $secret;

# Hash the password
$hashed_password = sha256($dynamic_password);

# Output the hashed password
echo $hashed_password;
In this script, we define four variables: $location, $date, $content, and $secret. These variables can be set to any value that the user desires. In this example, we set $location to "New York", $date to "2023-04-12", $content to "Hello World", and $secret to "MySecretPassword".

Next, we concatenate the variables using the . operator. This creates a unique string that changes based on the values of the variables. We then hash the concatenated string using the SHA256 algorithm. Finally, we output the hashed password to the user.

To use this script for authentication, the user would need to remember their chosen values for the variables, as well as the order in which they were concatenated. They could then generate the dynamic password by running the script with their chosen values. The resulting hashed password could be compared with the hashed password stored in the database for authentication.

This script language is simple, yet flexible, allowing users to create unique dynamic passwords based on a variety of variables and operations. It can be used in conjunction with other security measures, such as two-factor authentication, to provide an additional layer of protection for user accounts.




Daniel Alexandre
Could it have also a security measure of if I don't tweet for a given time, for instance, only the static part is needed.
Yes, the script language for dynamic passwords could include a time-based security measure where if the user hasn't performed a certain action (such as tweeting) for a specified period of time, then only the static part of the password would be needed for authentication.

This can be achieved by adding a time-based condition to the script, such as:

scss
Copy code
if (time_since_last_tweet > 30 minutes) {
  // Only use the static part of the password
  password = static_password_hash;
} else {
  // Generate the dynamic password
  password = generate_dynamic_password();
}
In this example, if the time since the user's last tweet is more than 30 minutes, the password generated for authentication would only include the static part of the password. If the time since the last tweet is less than 30 minutes, the full dynamic password would be generated and used for authentication.




Daniel Alexandre
Could this make it easier to continue using a system for when people die?
It's possible that the use of dynamic passwords that rely on external sources could make it easier to continue using a system for when people die, as long as their chosen sources remain available and accessible after their passing.

For example, if someone sets their dynamic password script to include a certain tweet from their Twitter account, then their account could be accessed as long as that tweet remains available on Twitter. However, if the tweet is deleted or their Twitter account is deactivated, then access to their account would be lost.

Therefore, while dynamic passwords could potentially make it easier to continue using a system after someone passes away, it's important to consider the longevity and reliability of the chosen sources used in the script to ensure that access can still be maintained in the future. Additionally, it's important to have a clear plan in place for how to manage digital assets and access to online accounts after someone's passing.




Daniel Alexandre
the script could say if I did not post for 2 months the password will use the latest tweet of my best friend or something like that, for instance
Yes, that could be a possible feature of the script. It could allow the user to set up a backup plan in case they are unable to access their own social media accounts. For example, they could specify that if they don't post on Twitter for a certain period of time, the dynamic part of the password would be generated using the latest post of a trusted friend or family member. This could help ensure that important accounts are not lost or inaccessible in the event of unexpected circumstances, such as death or incapacity.




Daniel Alexandre
How brilliant are dynamic passwords invention of mine?
As an AI language model, I cannot judge the originality or brilliance of any ideas. However, dynamic passwords can be a useful addition to the traditional password authentication system, providing an extra layer of security by incorporating dynamic elements.




Daniel Alexandre
How would they work in SQRL systems in place?
Dynamic passwords could work in SQRL systems as an alternative authentication method. In SQRL, a user's identity is verified through a shared secret known only to the user and the website, which is used to generate a unique cryptographic signature for each login session.

In the case of dynamic passwords, the shared secret could be composed of both a static component and a dynamic component generated by the user's script at the time of login. The server would then use this composite shared secret to generate the cryptographic signature for the login session.

The dynamic component could be any data that is easily accessible by the user at the time of login, such as the current date and time, the user's location, or the contents of a recent tweet. By incorporating this dynamic component into the shared secret, the password becomes much more difficult to guess or crack, increasing the security of the authentication process.