- From: James Nurthen <james.nurthen@oracle.com>
- Date: Tue, 29 Mar 2016 10:03:38 -0700
- To: public-aria-admin@w3.org
- Message-ID: <56FAB56A.9010007@oracle.com>
Léonie, The issue you speak of is already possible today without a new password role using a hidden off-screen password field which echos its output to a visible text item. I'm not sure adding the role will increase the possibility of someone trying this as it is already trivial to do. See http://output.jsbin.com/padisihehi for a proof of concept. Regards, James On 3/29/2016 6:25 AM, Léonie Watson wrote: > > *From:*Rich Schwerdtfeger [mailto:richschwer@gmail.com] > *Sent:* 28 March 2016 23:25 > > “So, the net of this if we don’t include the role we continue to leave > users exposed with a security hole where everyone can hear the > password they are typing unless they happen to have a headset on. Is > that what you both want?” > > Introducing a different security hole to fix another doesn’t seem like > a good solution. > > If I hear my password in clear speech, I know I have a problem and can > take steps to remedy it. If I hear “* * *” whilst my password is > visible on-screen, I have a much more serious problem because I am > unaware there *is a problem. > > Léonie. > > -- > > @LeonieWatson tink.uk Carpe diem. > -- Regards, James Oracle <http://www.oracle.com> James Nurthen | Principal Engineer, Accessibility Phone: +1 650 506 6781 <tel:+1%20650%20506%206781> | Mobile: +1 415 987 1918 <tel:+1%20415%20987%201918> | Video: james.nurthen@oracle.com <sip:james.nurthen@oracle.com> Oracle Corporate Architecture 500 Oracle Parkway | Redwood Cty, CA 94065 Green Oracle <http://www.oracle.com/commitment> Oracle is committed to developing practices and products that help protect the environment
Received on Tuesday, 29 March 2016 17:05:49 UTC