Re: Authentication barrier

Alastair Campbell writes:
> ...
> You just have to trust the other people in your house...
> 


Kevin Mitnick is a famous hacker who spent time in a U.S. jail for hacking.

https://en.wikipedia.org/wiki/Kevin_Mitnick

One of his hacking strategies involved looking at Post-it notes that had
been hung on monitors in an office environment. It afforded him a
treasure trove of logins and passwords.

Moral of the story? If ya'gotta write it down, write it in an encrypted
file/location.

It's not just the people you live with, or work with. It's everyone who
comes in contact with your environment. If it's written down in plain
sight, it's easily harvested.

Best,

Janina


> -Alastair
> 
> 
> -----Original Message-----
> From: Steve Lee <stevelee@w3.org> 
> Sent: 30 January 2019 13:19
> To: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
> Subject: Authentication barrier
> 
> So I just tried to log into my bank, which I do very rarely, and they have switched to a scheme where you need to enter a subset of characters from a password. E.g. 2, 5 and 10th character
> 
> In my fuzzy state today I found this difficult. As Jamie mentioned short term memory issues, I wonder if that would be impossible without writing it down and putting the numbers underneath? Obviously a complete security failure!
> 
> I suggest we consider specifically calling it out in the "Logging in does not rely on good memory or other cognitive skills" Pattern?
> 
> Perhaps change
>    "memorizing character strings,"
> to
>   "memorizing character strings or a subset identified by character position"
> 
> Steve
> 

-- 

Janina Sajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa

Received on Thursday, 31 January 2019 14:31:23 UTC