My quick review of http://www.w3.org/TR/2014/WD-UISecurity-20140318/ from lisa.seeman on 2014-06-01 (public-cognitive-a11y-tf@w3.org from June 2014)

From: lisa.seeman <lisa.seeman@zoho.com>
Date: Sun, 01 Jun 2014 23:20:36 +0300
To: "public-cognitive-a11y-tf" <public-cognitive-a11y-tf@w3.org>
Cc: "public-pfwg" <public-pfwg@w3.org>
Message-Id: <146590b6dc5.3424769343845524185.-3577409377874602159@zoho.com>

My 2 cents on http://www.w3.org/TR/2014/WD-UISecurity-20140318/

I would suggest changes to section 14 that,
 User agents SHOULD provide a means for the user to manually disable enforcement of the Input Protection Heuristic if it interferes with their chosen accessibility technologies.
1. SHOULD should be changed to MUST
2. Add a sentence that the mechanism for manually disable enforcement of the Input Protection Heuristic MUST be operable by assistive technolgies and by people with cognative disabilities who are able to understand the security risk.

In section 14 I would add:

2. Mechanisms for CAPTCHA and user verification should included options for people with different disabilities, including cognitive disabilities, people with impaired visual and auditory discrimination skills and for different modalities. For example, if  CAPTCHA or user verification  require  biometrics  a choice should be offered of what biometrics to use,  as people with different disabilities may be precluded from one or more  specific  biometric mechanism.

All the best

Lisa Seeman

Athena ICT Accessibility Projects 
LinkedIn, Twitter

Received on Sunday, 1 June 2014 20:23:07 UTC