- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 2 Jan 2008 19:27:35 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-157: Masking only MUST for passwords [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

7.6

Assuming it's possible, it would be far better if the user agent continues to be smart about password field display. This would reduce the burden of the editor bar, and the ability to mark strings for masking would be a MAY. The display name of each string input to a site in a password field could be "[petname] password [n]" where n provides a sequence number. The feature that allows for masking of other strings would also allow for renaming of these defaults.

Here's a crack at the rewrite of the 2nd paragraph:

Strings in the text entry tool history that were input into password fields MUST have a meaningful and unique [display name]. One (English) example is "[site petname] password [n]", where "n" provides a sequence number in case of multiple entries. Wherever a text string would be displayed by the editor bar, the provided display name MUST be shown in its place, as well as an indication that the displayed text is a display name. Users SHOULD be provided with an interaction to change display names, and MAY be provided with a mechanism to give other sensitive strings display names.

I left out the auto completion part because I don't buy it; I think that part is still up for grabs (some simple user testing should show). It can obviously be recommended by the examples, prototypes, and code that come along as we work on the spec.

The last line in that paragraph didn't add anything; the editor bar would not work at all if that line was not followed.

Received on Wednesday, 2 January 2008 19:27:39 UTC