Accessible authentication

Hi everyone,

John Rochford has been continuing to work on the Accessible Authentication SC, which is on the agenda for Tuesday.

Something that would be very helpful for this SC is examples, both good examples and challenging ones.

For example, email providers are particularly challenging as you cannot do a simple email reset. From what I can see:

  *   Google provides multiple methods for 2nd factor authentication, including a very simple 'Google prompt' [1] where you just tap 'yes' in a Gmail app on your device. However, username/password is the primary step for login; I can't see a way around that.

  *   Microsoft accounts default to username/password, but if you use the Edge browser (possibly others) you can use Windows Hello [2] or a security key instead.

  *   Apple defaults to username and password. If you enable 2 factor, that is a 6-digit code to transcribe.

So of the big platform & email providers, one enables you to avoid the username/password step for their online account logins. You can also do an email loop to a backup address, but I think you are then resetting the password.

As Bruce mentioned, a secure authentication requires at least 2 factors, e.g. something you know, something you have, or something you are.

For the WebAuthn approach, it is moving both to your device. I.e. you have the device, and you authenticated to the device with something you have/know (e.g. biometric or password/pin).

So, does anyone else have any good and/or complex examples?

Kind regards,

-Alastair

[1] https://nakedsecurity.sophos.com/2018/04/26/gmail-users-heres-how-and-why-you-should-set-up-prompt-based-2fa/
[2] https://support.microsoft.com/en-us/help/4463210/windows-10-sign-in-microsoft-account-windows-hello-security-key

--

www.nomensa.com
tel: +44 (0)117 929 7333 / 07970 879 653
follow us: @we_are_nomensa or me: @alastc
Nomensa Ltd. King William House, 13 Queen Square, Bristol BS1 4NT

Company number: 4214477 | UK VAT registration: GB 771727411

Received on Thursday, 7 November 2019 23:57:18 UTC