W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Avoid PIN skimming attacks

From: Alexander Shalamov via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 May 2017 10:26:08 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-299148317-1493893567-sysbot+gh@w3.org>
@pozdnyakov 

> I'm not arguing that we should take care about all the input methods, and I'm not challenging the `<input type="password">` protection proposal :)

`<input type="password">` Is a special case, however, all elements that capture user input can be protected. Button is one example, it is focuseable in an iframe, captures input, does not need input from hw / sw keyboard.

> But I'd like to point out that reacting on virtual keyboard appearance is quite a "low-hanging fruit" in terms of implementation and at the same time it is efficient for most of the clients.

I've done few projects in the past, where devices had only VKB, HW or combination of both. Usually IME hides this information (VKB open / hidden), therefore, applications don't know when VKB is open.

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/issues/189#issuecomment-299148317 using your GitHub account
Received on Thursday, 4 May 2017 10:26:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC