- From: Steve Lee <stevelee@w3.org>
- Date: Wed, 30 Jan 2019 19:07:34 +0000
- To: public-cognitive-a11y-tf@w3.org
> Good case study, I think the last version of the authentication SC That's a good reminder to check for related SCs when writing the Patterns. > From a security point of view having a bit of paper at home with that password But you might be in a public location when logging in :) I did think there are other methods that could be used like just writing down the subset of letters as you count on your fingers as you say each letter of you password. Perhaps we should add "Don't make user perform tricks in order to log in" That would cover recognising American school buses in CAPTCHA :) Steve On 30/01/2019 18:40, Alastair Campbell wrote: > Hi Steve, > > Good case study, I think the last version of the authentication SC would catch that, it's both transposing and memorising, a double-wamy! > > From a security point of view having a bit of paper at home with that password on is not the end of the world, that still stops people from using it over the internet. (A paper password book is considered much better than using the same password for every website, but not as good as a password manager + 2nd factor.) > You just have to trust the other people in your house... > > -Alastair > > > -----Original Message----- > From: Steve Lee <stevelee@w3.org> > Sent: 30 January 2019 13:19 > To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org> > Subject: Authentication barrier > > So I just tried to log into my bank which I do very rarely and the have switched to a scheme where you need to enter and subset of characters from a password. Eg 2, 5 and 10th character > > In my fuzzy state today I found this difficult. As Jamie mention short term memory issues I wonder if that would be impossible without writing it down an putting the numbers underneath? Obviously a complete security failure! > > I suggest we consider specifically calling it out calling it out in the "Logging in does not rely on good memory or other cognitive skills" Pattern? > > Perhaps change > "memorizing character strings," > to > "memorizing character strings or a subset identified by character position" > > Steve >
Received on Wednesday, 30 January 2019 19:07:39 UTC