RE: Next steps for accessible authentication

Yes Jason, we had people involved in security working on this, which is why password managers were not included as a proposed solution.

All the best

Lisa Seeman


---- On Tue, 20 Jun 2017 17:57:32 +0300 White <jjwhite@ets.org> wrote ----

     From: Michael Pluke [mailto:Mike.Pluke@castle-consult.com] 
 Sent: Tuesday, June 20, 2017 10:29 AM
 
 
 
 
     As a password manager user I agree that they have the potential to solve password memorization/recall for all users (not just those with disabilities that affect long-term memory). In practice they can make things worse when sites do not allow the strong un-memorable passwords to be automatically copied into the entry fields! An SC that disallowed such blocking could be very valuable.
 [Jason] Some organizations (such as financial institutions) may have good security reasons to disallow password managers. This observation reinforces my view that we need a strong security review of this proposal.
 
 
 
 
 
 
 
  

Received on Tuesday, 20 June 2017 15:03:10 UTC