RE: Authentication barrier

Hi Steve,

Good case study. I think the last version of the authentication SC would catch that; it's both transposing and memorising, a double-whammy!

From a security point of view, having a bit of paper at home with that password on is not the end of the world; that still stops people from using it over the internet. (A paper password book is considered much better than using the same password for every website, but not as good as a password manager + 2nd factor.)
You just have to trust the other people in your house...

-Alastair


-----Original Message-----
From: Steve Lee <stevelee@w3.org> 
Sent: 30 January 2019 13:19
To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Subject: Authentication barrier

So I just tried to log into my bank, which I do very rarely, and they have switched to a scheme where you need to enter a subset of characters from a password. E.g. 2, 5 and 10th character.

In my fuzzy state today I found this difficult. As Jamie mentioned short-term memory issues, I wonder if that would be impossible without writing it down and putting the numbers underneath? Obviously a complete security failure!

I suggest we consider specifically calling it out in the "Logging in does not rely on good memory or other cognitive skills" Pattern?

Perhaps change
   "memorizing character strings,"
to
  "memorizing character strings or a subset identified by character position"

Steve

Received on Wednesday, 30 January 2019 18:41:02 UTC