
Re: Topic 1 Authentication reading notes

From: David Sloan <dsloan@paciellogroup.com>
Date: Wed, 15 Mar 2017 12:45:09 +0000
Message-Id: <22611661-2B1A-43C9-99DC-3D01B986142A@paciellogroup.com>
To: RQTF <public-rqtf@w3.org>

Unfortunately I have to send regrets for today’s call. I’m on sick leave for the rest of this week.

Dave

> On 15 Mar 2017, at 12:30, White, Jason J <jjwhite@ets.org> wrote:
> 
> Thank you, Scott, for reviewing the papers. There will be opportunity to discuss these observations at the meeting.
>  
> From: Scott Hollier [mailto:scott@hollier.info] 
> Sent: Wednesday, March 15, 2017 3:57 AM
> To: RQTF <public-rqtf@w3.org>
> Subject: Topic 1 Authentication reading notes 
>  
> To the RQTF
>  
> In preparation for the meeting I’ve completed reading through the papers that I was able to find around authentication with notes below. If anyone is able to assist putting my notes in the wiki against the references with my name allocated to it I’d be very grateful.
>  
> The key themes from these seem to be that people with mobility and vision-related disabilities don’t have any sort of authentication on their mobile phone as it’s inconvenient and tricky to enter, so most people have no authentication at all. There’s a variety of methods proposed to address this, but the last paper on the list that looks at ‘pass chords’ is the most interesting here IMHO as discussed briefly in the call last week.
>  
> Scott.
>  
>  
>  
>  
> Paper: Accessibility of CAPTCHA Methods
> Key points:
> - Computers are close to humans in being able to break OCR-based CAPTCHAs
> - People with disabilities need to be included in the CAPTCHA design process
>  
> Toward Tactile Authentication for Blind Users
> Key points:
> - tactile authentication: users must identify tactile characters/shapes
> - generally effective for people who are blind/VI as proof of concept
>  
> A Set of Heuristics for Usable Security and User Authentication
> Key points:
> - 153 heuristics used as a tool to evaluate the grade of achievement in some applications according to security, usability and other characteristics for user
> - paper seeks heuristics to be standardised
> - Conclusion states that: "The heuristics were organized based on determining which attribute or characteristic better represents the heuristic. Consequently, as it is explained in the next section, the heuristics are organized into the following six parts: usability, security, operability, accessibility, reliability and performance."
> - this paper was a little out of my depth
>  
> Freedom to Roam: A Study of Mobile Device Adoption and Accessibility for People with Visual and Motor Disabilities
> Key points:
> - 19 people with disabilities used mobile phones for a week to see how they overcome barriers to achieve independence
> - paper may be outdated - doesn't do an effective comparison of feature phones vs smartphones
>  
> On the need for different security methods on mobile phones
> Key points:
> - two-level authentication based on the smartphone
> - PIN not secure enough
> - tested speech and touch as second-level authentication but inconvenient
> - one possibility is touch fingerprint ID  embedded in screens simply using an app results in fingerprint being checked
>  
> Passchords: Secure Multi-Touch Authentication for Blind People
> Key points:
> - 'Passchord' authentication: A user enters a Pass Chord by tapping several times on a touch surface with one or more fingers.
> - required as blind/VI users often don't have device authentication due to inconvenience, complexity and accessibility
> - Passchords system better than PIN on iPhone with VoiceOver
>  
>  
>  
>  
> Dr Scott Hollier
> Digital Access Specialist
> Mobile: +61 (0)430 351 909
> Web: www.hollier.info
>  
> Technology for everyone
>  
> Keep up-to-date with digital access news – follow @scotthollier on Twitter or e-mail newsletter@hollier.info with ‘subscribe’ in the subject line.
>  
> 

David Sloan

UX Research Lead
The Paciello Group
dsloan@paciellogroup.com

Received on Wednesday, 15 March 2017 12:45:44 UTC
