Re: 7 Day Call for Consensus March 17, 2016 ARIA Working Group Resolutions

Léonie,
The issue you speak of is already possible today without a new password 
role using a hidden off-screen password field which echos its output to 
a visible text item. I'm not sure adding the role will increase the 
possibility of someone trying this as it is already trivial to do.
See http://output.jsbin.com/padisihehi for a proof of concept.
Regards,
James

On 3/29/2016 6:25 AM, Léonie Watson wrote:
>
> *From:*Rich Schwerdtfeger [mailto:richschwer@gmail.com]
> *Sent:* 28 March 2016 23:25
>
> “So, the net of this if we don’t include the role we continue to leave 
> users exposed with a security hole where everyone can hear the 
> password they are typing unless they happen to have a headset on. Is 
> that what you both want?”
>
> Introducing a different security hole to fix another doesn’t seem like 
> a good solution.
>
> If I hear my password in clear speech, I know I have a problem and can 
> take steps to remedy it. If I hear “* * *” whilst my password is 
> visible on-screen, I have a much more serious problem because I am 
> unaware there *is a problem.
>
> Léonie.
>
> -- 
>
> @LeonieWatson tink.uk Carpe diem.
>

-- 
Regards, James

Oracle <http://www.oracle.com>
James Nurthen | Principal Engineer, Accessibility
Phone: +1 650 506 6781 <tel:+1%20650%20506%206781> | Mobile: +1 415 987 
1918 <tel:+1%20415%20987%201918> | Video: james.nurthen@oracle.com 
<sip:james.nurthen@oracle.com>
Oracle Corporate Architecture
500 Oracle Parkway | Redwood Cty, CA 94065
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to 
developing practices and products that help protect the environment

Received on Tuesday, 29 March 2016 17:05:49 UTC