RE: Topic 1 Authentication reading notes

Thank you, Scott, for reviewing the papers. There will be opportunity to discuss these observations at the meeting.

From: Scott Hollier [mailto:scott@hollier.info]
Sent: Wednesday, March 15, 2017 3:57 AM
To: RQTF <public-rqtf@w3.org>
Subject: Topic 1 Authentication reading notes

To the RQTF

In preparation for the meeting I’ve completed reading through the papers that I was able to find around authentication with notes below. If anyone is able to assist putting my notes in the wiki against the references with my name allocated to it I’d be very grateful.

The key themes from these seem to be that people with mobility and vision-related disabilities don’t have any sort of authentication on their mobile phone as it’s inconvenient and tricky to enter, so most people have no authentication at all. There’s a variety of methods proposed to address this, but the last paper on the list that looks at ‘pass chords’ is the most interesting here IMHO as discussed briefly in the call last week.

Scott.




Paper: Accessibility of CAPTCHA Methods
Key points:
- Computers are close to humans in being able to break OCR-based CAPTCHAs
- People with disabilities need to be included in the CAPTCHA design process

Toward Tactile Authentication for Blind Users
Key points:
- tactile authentication: users must identify tactile characters/shapes
- generally effective for people who are blind/VI as proof of concept

A Set of Heuristics for Usable Security and User Authentication
Key points:
- 153 heuristics used as a tool to evaluate the grade of achievement in some applications according to security, usability and other characteristics for user
- paper seeks heuristics to be standardised
- Conclusion states that: "The heuristics were organized based on determining which attribute or characteristic better represents the heuristic. Consequently, as it is explained in the next section, the heuristics are organized into the following six parts: usability, security, operability, accessibility, reliability and performance."
- this paper was a little out of my depth

Freedom to Roam: A Study of Mobile Device Adoption and Accessibility for People with Visual and Motor Disabilities
Key points:
- 19 people with disabilities used mobile phones for a week to see how they overcome barriers to achieve independence
- paper may be outdated - doesn't do an effective comparison of feature phones vs smartphones

On the need for different security methods on mobile phones
Key points:
- two-level authentication based on the smartphone
- PIN not secure enough
- tested speech and touch as second-level authentication but inconvenient
- one possibility is touch fingerprint ID embedded in screens; simply using an app results in fingerprint being checked

Passchords: Secure Multi-Touch Authentication for Blind People
Key points:
- 'Passchord' authentication: A user enters a Pass Chord by tapping several times on a touch surface with one or more fingers.
- required as blind/VI users often don't have device authentication due to inconvenience, complexity and accessibility
- Passchords system better than PIN on iPhone with VoiceOver




Dr Scott Hollier
Digital Access Specialist
Mobile: +61 (0)430 351 909
Web: http://www.hollier.info/

Technology for everyone


Received on Wednesday, 15 March 2017 12:30:49 UTC