Those are very bland and generic criticisms that can equally be leveled at many other authentication schemes.
Does this sqrl improve on the existing security offered by alternatives? Likely not. It just offers convenience and keeps many of the existing downsides.
Honestly 2/3 of those criticisms can be leveled at ANY single-sign-on scheme (Facebook, Google, Microsoft, etc). And the password reset issue would be trivial to engineer around.
So using it to explain why sqrl is a bad idea is a little confusing, are Google accounts also a bad idea?
Does this sqrl improve on the existing security offered by alternatives? Likely not. It just offers convenience and keeps many of the existing downsides.
Honestly 2/3 of those criticisms can be leveled at ANY single-sign-on scheme (Facebook, Google, Microsoft, etc). And the password reset issue would be trivial to engineer around.
So using it to explain why sqrl is a bad idea is a little confusing, are Google accounts also a bad idea?