Mikes request that we identify an upper limit on the number of digits from lisa.seeman on 2017-11-28 (w3c-wai-gl@w3.org from October to December 2017)

From: lisa.seeman <lisa.seeman@zoho.com>
Date: Tue, 28 Nov 2017 10:41:22 +0200
To: "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Message-Id: <16001c7d2bf.faab910c66301.1744336204131525443@zoho.com>

Hi Folks

Mike had requested empirical evidence for what is the maximum number of digits that can be reliable copied form a device for multi factor authentication.


I am looking into it, but I actually think we should not enforce a  limit in the number of digits. Enforcing a limit on the number of digits in a security code will definitely jeopardize security. For example a code with five digits is both too high  for accessibility and lower then most secure applications would require.  It is much better to give the user an option of sending the code to the computer via Bluetooth/ token or even QR code. 


Please let me know if we want to go this rout. If not it is a lot of research for nothing. 


in the mean time Neil found some more research on sequencing problems that is useful in case we decide we would want to go in Mike's direction.

All the best

Lisa Seeman

LinkedIn, Twitter

Received on Tuesday, 28 November 2017 08:41:55 UTC