RE: Authentication barrier

I have recently seen organisations asking users to load videos or photos instead of using memorable words/phrases as part of their authentication process. While this has some advantage for some COGA groups (easier to recognise an image than recall a word), it does pose barriers for many others. Are we covering this too?

Abi

-----Original Message-----
From: Alastair Campbell <acampbell@nomensa.com> 
Sent: 30 January 2019 18:41
To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Subject: RE: Authentication barrier

Hi Steve,

Good case study, I think the last version of the authentication SC would catch that, it's both transposing and memorising, a double-wamy!

From a security point of view having a bit of paper at home with that password on is not the end of the world, that still stops people from using it over the internet. (A paper password book is considered much better than using the same password for every website, but not as good as a password manager + 2nd factor.) You just have to trust the other people in your house...

-Alastair


-----Original Message-----
From: Steve Lee <stevelee@w3.org>
Sent: 30 January 2019 13:19
To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Subject: Authentication barrier

So I just tried to log into my bank which I do very rarely and the have switched to a scheme where you need to enter and subset of characters from a password. Eg 2, 5 and 10th character

In my fuzzy state today I found this difficult. As Jamie mention short term memory issues I wonder if that would be impossible without writing it down an putting the numbers underneath? Obviously a complete security failure!

I suggest we consider specifically calling it out calling it out in the "Logging in does not rely on good memory or other cognitive skills" Pattern?

Perhaps change
   "memorizing character strings,"
to
  "memorizing character strings or a subset identified by character position"

Steve

Received on Wednesday, 30 January 2019 19:08:28 UTC