RE: Tech industry completes its standards for banishing passwords from Rochford, John on 2014-12-10 (public-cognitive-a11y-tf@w3.org from December 2014)

From: Rochford, John <john.rochford@umassmed.edu>
Date: Wed, 10 Dec 2014 14:53:41 +0000
To: Steve Lee <steve@opendirective.com>, public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Message-ID: <55BD19D83AA2BE499FBE026983AB2B583614762E@ummscsmbx07.ad.umassmed.edu>

Hi Steve and All,

I have added these standards, known as FIDO, to the issue paper on web security and privacy technologies, as an alternative technology. The following is how I described it. I am open, as always, to suggestions.
Fast IDentity Online (FIDO), password-free standards for typical and two-factor authentication.

·     FIDO relies upon user authentication based upon a user's device (e.g., phone, tablet, computer).

·     A user's device registers the user, to a server, via a public key.

·     Upon a challenge from the server, the user's device responds with a private key.

·     The device's keys are unlocked by the user biometrically (e.g., fingerprint scanner) or by a button press, not by a password.
I thank Steve for the referral.

John

John Rochford
UMass Medical School/E.K. Shriver Center
Director, INDEX Program
Instructor, Family Medicine & Community Health
http://www.DisabilityInfo.org<http://www.disabilityinfo.org/>
Twitter: @ClearHelper

From: Steve Lee [mailto:steve@opendirective.com]
Sent: Wednesday, December 10, 2014 3:36 AM
To: public-cognitive-a11y-tf
Subject: Tech industry completes its standards for banishing passwords


http://engt.co/1sbeXko


This could eliminate at leasr 2 pain points: remembering passwords and CAPTCHAs. As long as all related UIs are coga11y friendly.

Steve

Autocomplete may have messed with my text

Received on Wednesday, 10 December 2014 14:54:13 UTC