Re: Accessible Authentication SC: new language; vote +1 or -1 from Gregg C Vanderheiden on 2017-06-08 (public-cognitive-a11y-tf@w3.org from June 2017)

From: Gregg C Vanderheiden <greggvan@umd.edu>
Date: Thu, 8 Jun 2017 12:34:52 -0400
To: EA Draffan <ead@ecs.soton.ac.uk>
Cc: "Rochford, John" <john.rochford@umassmed.edu>, public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Message-Id: <60189774-BB95-4BAC-9475-B352CDD35B93@umd.edu>

hmmmm

I like it 

but we need to talk to authentication experts — and have examples of techniques for doing this. 

If we have two factor authentication required (Which is good)  does this remove one of the factors?  

what you are    (biometrics)
what you have   (Key or card or token or  phone etc)
what you know    (password etc) 

Does this removed #3?     would that require other factors be relied upon? 


What are the techniques for this SC? 


g 

Gregg C Vanderheiden
greggvan@umd.edu




> On Jun 8, 2017, at 4:45 AM, EA Draffan <ead@ecs.soton.ac.uk> wrote:
> 
> Sorry I am finding the one sentence is a mouthful! Are we allowed to break it up? <>
>  
> “Essential steps of an authentication process, which rely upon recalling or copying information, have alternative essential steps as well as an authentication-credentials reset process. Neither process should rely upon recalling and copying information.”
>  
>  
>  
> Best wishes
> E.A. 
>  
> Mrs E.A. Draffan
> WAIS, ECS , University of Southampton
> Mobile +44 (0)7976 289103
> http://access.ecs.soton.ac.uk <https://www.outlook.soton.ac.uk/owa/redir.aspx?C=69b1RzNTDwem3wbm4pLRmuYfTLt16YjcghtEpZBsF5Sebx78I2DUCA..&URL=http%3a%2f%2faccess.ecs.soton.ac.uk%2f>
> UK AAATE rep http://www.aaate.net/ <https://www.outlook.soton.ac.uk/owa/redir.aspx?C=WUwOCw_4FszLSzcUbkoFdDkad8-Q_GrRfPYUJ_ol5l2ebx78I2DUCA..&URL=http%3a%2f%2fwww.aaate.net%2f>
>  
> From: Rochford, John [mailto:john.rochford@umassmed.edu] 
> Sent: 08 June 2017 00:04
> To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
> Subject: Accessible Authentication SC: new language; vote +1 or -1
>  
> Hi All,
>  
> Based upon recent efforts by Mike Pluke, Lisa, and I, the below is new language we hope everyone will find acceptable.
>  
> “Essential steps of an authentication process, which rely upon recalling or copying information, have alternative essential steps, and an authentication-credentials reset process, which do not rely upon recalling and copying information.”
>  
> Please vote +1 or -1.
>  
> John
>  
> John Rochford <http://bit.ly/profile-rj>
> UMass Medical School/E.K. Shriver Center
> Director, INDEX Program
> Instructor, Family Medicine & Community Health
> www.DisabilityInfo.org <x-msg://49/www.DisabilityInfo.org>
> Twitter: @ClearHelper <https://twitter.com/clearhelper>
>  
> Confidentiality Notice:
> This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender immediately and destroy or permanently delete all copies of the original message.

Received on Thursday, 8 June 2017 16:35:45 UTC