Re: Success Criterion Proposal and Re: The Cognitive Accessibility Task Force Teleconference - Monday, August 29, 2016

I'm thinking that we could mention Single Sign On (SSO) and social
login (i.e. SSO via Facebook etc.). These potentially reduce the number
of times a user must authenticate - but only if they already have an
appropriate account.

Also many authentication systems and their reset flows assume you have
an email address and can click a link in emails.

I've been struggling with authentication by people with a lack of
email or social account for Brian users who will often be older people
with dementia in care homes. SaaS services like the excellent Auth0
assume these by default. Of course weak authentication such as a short
password or a favourite image is not very secure.

Steve Lee
OpenDirective http://opendirective.com


On 5 September 2016 at 15:24, Michael Pluke
<Mike.Pluke@castle-consult.com> wrote:
> Hi Lisa
>
>
>
> I think that the attempt to broaden this out to possibly include both user
> authentication and navigation (two very different use cases) will return us
> to a situation where the criteria that are checked to see if a system meets
> the SC require too much interpretation on the part of the evaluator. I think
> that the SCs for the two use cases, although similar in concept, will need
> to be formulated differently. In my email I hinted at what a more general SC
> (that could cover navigation) could look like – now I should get on and try
> to draft it!
>
>
>
> I’m afraid that the much broader bulleted items that you have proposed will
> make it more difficult for someone to say if a particular user
> authentication method relies on one of those abilities. The bullets that I
> proposed relate to very specific types of user authentication methods that
> are in current use. Although this might exclude examples that are yet to be
> tried, I suspect that these might be covered by the yet to be written more
> general “abilities” SC.
>
>
>
> I can explain two of my bullets to show that they are often used and that I
> don’t think that they are captured with your revised bullets:
>
>
>
> - “correctly identify and enter numbered characters from a
> character string” (maybe this could be better worded?) – an example is
> “Please enter the third, fifth and eighth characters of your passphrase”.
> This places extreme stress on working memory where people do not just have
> to recall their passphrase (from long term memory), they have to perform a
> complex selection process on the phrase that involves also using counting,
> short term memory abilities and visualization skills! Many people with
> normal cognitive abilities will be forced to write down their passphrase as
> the only possible way to execute this task – which is exactly what the
> security people tell us we must never do! I don’t think that the new
> proposed bullets adequately address this very specific type of complex
> processing in working memory.
>
> I don’t think that evaluators could be reliably expected to say that this
> method contravenes, say, the “complex cognitive function” aspect of the new
> bullets. Some might say that, others might just miss it altogether.
>
>
> - “reliably produce gestures” – refers to methods where the user is
> asked to draw a shape on the screen/touchpad with their finger and then have
> that stored as the template that they are expected to accurately reproduce
> when challenged in a user authentication process. I don’t think that the new
> suggestion of “correctly copy information such as … gestures” hits the mark.
> The user task is: generate gesture, memorise gesture, reproduce the gesture
> with sufficient accuracy at a much later time. This is probably covered by
> the totality of all the new bullets, but again I cannot imagine that a group
> of evaluators would all reliably pass/fail a user authentication method that
> relied on this behaviour (or if they did I would be amazed if they could all
> give a similar explanation of why they failed it based on the new proposed
> bullets).
>
>
>
> So, although it would be fine to re-arrange my original bullets in a more
> logical order, I’d not be happy to accept the new ones.
>
>
>
> Best regards
>
>
>
> Mike
>
>
>
> From: lisa.seeman [mailto:lisa.seeman@zoho.com]
> Sent: 05 September 2016 14:39
> To: Michael Pluke <Mike.Pluke@castle-consult.com>
> Cc: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
> Subject: Re: Success Criterion Proposal and Re: The Cognitive Accessibility
> Task Force Teleconference - Monday, August 29, 2016
>
>
>
>
> Hi Mike
> Would it be good to change it to authentication and navigation? Then it meets
> both use cases. Maybe it is better to keep them separate and clear.
>
> Also I tried to wordsmith the text so similar options are merged, but also
> the scope is broader for whatever comes next...
>
> At least one user authentication method is offered that does not rely on a
> user's ability to:
>
> - memorize information such as characters, words, numbers or gestures or;
> - correctly identify information such as characters, words, numbers or
>   gestures or;
> - correctly copy information such as characters, words, numbers or gestures
>   or;
> - reliably produce information from memory
> - perform calculations or complex cognitive function
> - speak
>
> Exception: A user identification method that relies on one of the above
> abilities can be the only method if that ability is essential to make
> effective use of the content accessed via the user authentication method.
>
> All the best
>
> Lisa Seeman
>
> ---- On Mon, 29 Aug 2016 14:45:28 +0300 Michael Pluke wrote ----
>> Regrets - I have an all-day (bank holiday) family birthday celebration to
>> attend today and cannot make the meeting.
>>
>> I've attached a first attempt at a Success Criterion related to user
>> authentication. This covers less scope than the original proposal
>> (referenced in the "No Barrriers" file). I will attempt to create additional
>> proposal to fill the gaps in the original user needs.
>>
>>
>> I can see the need for additional success criteria that are not tied to
>> user authentication. One example would be one that addresses the avoidance
>> of expecting a user to remember information that they entered or that was
>> presented to them in one step of a process and then expecting them to
>> process or enter it in a later step.
>>
>>
>> Best regards
>>
>>
>> Mike
>>
>>
>>
>> On Sun, Aug 28, 2016 at 2:02 pm, lisa.seeman <lisa.seeman@zoho.com> wrote:
>> Call information for the Cognitive Accessibility Task Force Teleconference
>> - Monday, August 29, 2016
>>
>>
>> Time:
>> 11 am Austin time
>> 12 pm EST (Boston and New York)
>> 5 pm London
>> 7 pm IST Israel
>>
>> You can verify the correct time of this meeting in your time zone using
>> the Fixed Time Clock
>>
>>
>>
>>
>> You can join the call by pressing the following link: Join WebEx meeting
>> Meeting number: 649 368 070
>> Meeting password: This has been changed. Let me know if you do not have it.
>> You can also ping me on the irc channel
>>
>>
>>
>>
>> Join by phone 1-617-324-0000
>> US Toll Number Access code: 649 368 070
>> CCP:+16173240000x649368070# Mobile Auto Dial:+1-617-324-0000,,,649368070#
>>
>>
>>
>> You can also:
>> * Have Webex call you: https://mit.webex.com/
>> * Install the Webex plugin for your browser and use it to connect
>>
>>
>> IRC access
>> An IRC (Internet Relay Chat) channel will be available during the call.
>> (The server is irc.w3.org, the port number is 6665)
>>
>>
>> IRC made simple:
>> IRC is like our chat room. You can join us on IRC simply by clicking on
>> http://irc.w3.org/?channels=coga
>>
>> The channel is #coga
>> You can write any name as a nickname
>>
>>
>> Now you can chat while we talk.
>>
>>
>>
>> Preliminary Agenda
>>
>> Meeting: The Cognitive Accessibility Task Force Teleconference
>> Chair: Lisa_Seeman
>> agenda: this
>> agenda+ review actions
>> agenda+ review Kurt's contribution at
>> https://rawgit.com/w3c/coga/master/extension/rapid-and-direct-feedback.html
>> agenda+ Tables
>> https://rawgit.com/w3c/coga/master/gap-analysis/table.html#table2
>> agenda+ be done
>>
>> Other Information (less important)
>>
>> Resource: For Reference
>> Home Page: http://www.w3.org/WAI/PF/cognitive-a11y-tf/
>> Work Statement: http://www.w3.org/WAI/PF/cognitive-a11y-tf/work-statement
>> Email Archive:
>> http://lists.w3.org/Archives/Public/public-cognitive-a11y-tf/
>> Wiki Main Page: http://www.w3.org/WAI/PF/cognitive-a11y-tf/wiki/Main_Page
>> Wiki Gap Analysis:
>> http://www.w3.org/WAI/PF/cognitive-a11y-tf/wiki/Gap_Analysis
>>
>>
>> * Some helpful Scribing and Participation Tips
>> http://www.w3.org/WAI/PF/wiki/Teleconference_cheat_sheet
>>
>>
>> - For more on W3C use of IRC see:
>> http://www.w3.org/Project/IRC/
>>
>>
>>
>> All the best
>>
>>
>>
>> Lisa Seeman
>>

Received on Wednesday, 7 September 2016 15:48:28 UTC