W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > October to December 2017

RE: Feasibility of authentication without transcribing

From: White, Jason J <jjwhite@ets.org>
Date: Wed, 29 Nov 2017 00:17:07 +0000
To: Alastair Campbell <acampbell@nomensa.com>, lisa.seeman <lisa.seeman@zoho.com>
CC: "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Message-ID: <DM5PR07MB2971B8401442323174352B46AB3B0@DM5PR07MB2971.namprd07.prod.outlook.com>


From: Alastair Campbell [mailto:acampbell@nomensa.com]
Sent: Tuesday, November 28, 2017 5:16 PM

The first thing that occurs to me is that we need a registration exception, as it requires a long password, and a 4 digit pin to setup the mobile app, and/or an 8 character code for setting up SMS.
[Jason] I am not a security specialist, but I understand that the use of SMS in multi-factor authentication schemes is considered insecure and not to be a recommended practice.

________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________
Received on Wednesday, 29 November 2017 00:17:34 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 21:08:18 UTC