Re: Mikes request that we identify an upper limit on the number of digits

You just pointed me to a single summary phrase under Challenges: "Copying 
information correctly." With no other qualifiers, no citations, etc., it 
is not information we can build an SC upon.

It is also doesn't support in a meaningful way your assertion that "five 
digits is too high for accessibility."

Regarding the Dyscalculia information you referred me to, it states:
> mistakes commonly made when manipulating numbers; ... Difficulty with 
numbers, specifically in cases of addition, subtraction, omission, 
reversal, and transposition. 
That doesn't address copying, it covers mathematical manipulation.

You are still not addressing/answering my basic question. Do you have ANY 
data to support and quantify your statement that copying is a problem, and 
if so, what does the research show? Where are the drop offs, what has been 
found to improve a user's ability? Where is "5 digits" coming from?

Michael Gower
IBM Accessibility
Research

1803 Douglas Street, Victoria, BC  V8T 5C3
gowerm@ca.ibm.com
voice: (250) 220-1146 * cel: (250) 661-0098 *  fax: (250) 220-8034



From:   "lisa.seeman" <lisa.seeman@zoho.com>
To:     Michael Gower <michael.gower@ca.ibm.com>
Cc:     "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Date:   2017-11-28 10:38 AM
Subject:        Re: Mikes request that we identify an upper limit on the 
number of   digits



hi mike

try a searching on "copying" you will see issues such as "copying 
information correctly." for dementia and again with dyscalcilia.
you can also do a search on memories and memory - that will also take you 
to some relevant info.


All the best

Lisa Seeman

LinkedIn, Twitter




---- On Tue, 28 Nov 2017 19:51:51 +0200 Michael 
Gower<michael.gower@ca.ibm.com> wrote ---- 
I did a search for the word "copy" and the fragment "transcri" (to catch 
transcribe and transcription).

The only relevant references in your 2015 paper cover issues to with 
copying under time constraints. On copying alone, the paper says:
"Then the user must enter the numbers on the computer screen into the card 
reader. This shouldn't be too difficult because it requires only copying 
the numbers. "

The only reference in your second citation is:
"may have to look at or listen to text several times to copy or type it 
into a form field; "

Am I missing something?

Michael Gower
IBM Accessibility
Research

1803 Douglas Street, Victoria, BC  V8T 5C3
gowerm@ca.ibm.com
voice: (250) 220-1146 * cel: (250) 661-0098 *  fax: (250) 220-8034



From:        "lisa.seeman" <lisa.seeman@zoho.com>
To:        Michael Gower <michael.gower@ca.ibm.com>
Cc:        "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Date:        2017-11-28 08:53 AM
Subject:        Re: Mikes request that we identify an upper limit on the 
number of   digits



Hi Mike


The issue with coping discussed in 
https://www.w3.org/TR/coga-user-research/in different user groups.  We 
have also discussed it in  the issue paper on 
https://w3c.github.io/coga/issue-papers/privacy-security.html. In addition 
to this we have the comments from members in the task force who often 
struggle with copying. My experience of disabilities such as dementia is 
that trouble will start at 2 or 3 digits, and hence any useful number will 
bar people  who can still use sites like youtube or netflixs. So 
researching this proposal doesn't really appeal to me unless there is a 
strong consensus to go here. 

If having a limit is needed to get this at this SC though, they it is a 
compromise position that we may have to do but  will exclude some people 
from using the site at all. We may have to do that, but I would much 
rather not.


All the best

Lisa Seeman

LinkedIn, Twitter




---- On Tue, 28 Nov 2017 16:52:59 +0200 Michael Gower<
michael.gower@ca.ibm.com>wrote ---- 
> For example a code with five digits is both too high  for accessibility 

One of the issues IBM opened against this SC is that to date you have 
supplied no data to support this statement, or to support the notion that 
transcription represents an impediment significant enough that an SC is 
warranted to entirely prevent its use to satisfy authentication. As 
mentioned in Issue #442 the only study cited so far was a study that 
showed that every participant was able to transfer 5 digits. So why keep 
repeating that 5 is too high?

I identified the concern to you last November and the concern about 
prohibiting copying was flagged and discussed back in April. Issue 442 has 
been open since October 8 with no response. This concern is not coming out 
of the blue, nor am I the only person to voice it.

Other considerations include identifying thresholds and relying on 
assistive technologies to augment experience to satisfy individual users 
needs. As an example, look at the thresholds for Contrast (Minimum). The 
SC demands a certain level of contrast for content. That is not going to 
satisfy the needs of all users, but based on a bunch of analysis and data, 
a threshold was established, with the assumption that a user who requires 
more contrast is going to call on an AT to augment.

My expectation would be that based on data, we would be looking at 
something similar for guidance on allowable transcription. If we don't 
have that data, then we are basing this SC on anecdotal evidence -- and as 
others have identified, it's an SC with far-reaching ramifications.

The new Animation from Interaction SC, designed to address vestibular 
disorders, had its timing parameters removed and its designation as a 
double AA moved to a triple A category because there was insufficient data 
to establish enforceable thresholds.

Michael Gower
IBM Accessibility
Research

1803 Douglas Street, Victoria, BC  V8T 5C3
gowerm@ca.ibm.com
voice: (250) 220-1146 * cel: (250) 661-0098 *  fax: (250) 220-8034



From:        "lisa.seeman" <lisa.seeman@zoho.com>
To:        "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Date:        2017-11-28 12:45 AM
Subject:        Mikes request that we identify an upper limit on the 
number of  digits



Hi Folks

Mike had requested empirical evidence for what is the maximum number of 
digits that can be reliable copied form a device for multi factor 
authentication.

I am looking into it, but I actually think we should not enforce a  limit 
in the number of digits. Enforcing a limit on the number of digits in a 
security code will definitely jeopardize security. For example a code with 
five digits is both too high  for accessibility and lower then most secure 
applications would require.  It is much better to give the user an option 
of sending the code to the computer via Bluetooth/ token or even QR code. 

Please let me know if we want to go this rout. If not it is a lot of 
research for nothing. 

in the mean time Neil found some more research on sequencing problems that 
is useful in case we decide we would want to go in Mike's direction.

All the best

Lisa Seeman

LinkedIn, Twitter

Received on Tuesday, 28 November 2017 19:11:33 UTC