Re: Next steps for accessible authentication

[Jason] Some organizations (such as financial institutions) may have good security reasons to disallow password managers. This observation reinforces my view that we need a strong security review of this proposal.



It is an issue I’ve followed fairly closely; most modern advice is to allow it:

https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords (Official UK Gov advice.)

https://www.troyhunt.com/the-cobra-effect-that-is-disabling/


https://www.wired.com/2015/07/websites-please-stop-blocking-password-managers-2015/




I haven’t seen any reason for disabling pasting that has not been myth-busted by one of the above.



Cheers,



-Alastair

Received on Tuesday, 20 June 2017 15:10:36 UTC