
Re: Next steps for accessible authentication

From: Alastair Campbell <acampbell@nomensa.com>
Date: Tue, 20 Jun 2017 15:10:00 +0000
To: "White, Jason J" <jjwhite@ets.org>
CC: "public-cognitive-a11y-tf@w3.org" <public-cognitive-a11y-tf@w3.org>, WCAG <w3c-wai-gl@w3.org>
Message-ID: <208D6DD0-8DED-42CC-B505-738CBC478209@nomensa.com>
[Jason] Some organizations (such as financial institutions) may have good security reasons to disallow password managers. This observation reinforces my view that we need a strong security review of this proposal.

It is an issue I’ve followed fairly closely; most modern advice is to allow it:

https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords (Official UK Gov advice.)

https://www.troyhunt.com/the-cobra-effect-that-is-disabling/

https://www.wired.com/2015/07/websites-please-stop-blocking-password-managers-2015/

I haven’t seen any reason for disabling pasting that has not been myth-busted by one of the above.

Cheers,

-Alastair
Received on Tuesday, 20 June 2017 15:10:36 UTC
