Re: some questions: : working on re-authentication

Hi Lisa,

I’m still not getting it: Your cat’s maiden name is not listed in the exception, nor is the bank ID card; therefore they are things you would have had to memorise.

Perhaps we make the exception say:
Authentication process can rely on the user or user-agent entering personal identification information for name, username, password, and email address if the web content does not block automatic entry.

I.e. only those items, not items such as.

And, instead of ‘memorise information’, it should be ‘recall information’?

-Alastair


From: "lisa.seeman"


Another example is these one-time questions such as "your cat's maiden name:". Autocomplete and password managers will not be able to answer this just because it conforms to 1.3.1 and 4.2.1 (or whatever the number references are).


---- On Thu, 21 Dec 2017 15:56:01 +0200 lisa.seeman <lisa.seeman@zoho.com> wrote ----
So I think the old version leaves it unclear that it would fail.
The user agent is not actively blocked from filling it in (such as setting autocomplete="off"); rather, it is not supported autofill.
Hence I prefer the wording requiring that it is supported, rather than it is "not blocked".

All the best

Lisa Seeman

LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>



---- On Thu, 21 Dec 2017 14:32:33 +0200 Alastair Campbell <acampbell@nomensa.com> wrote ----

> My bank (the example from hell) gives you different login number/card number where a "user id" needs to match a password.

Perhaps I’m missing something, but unless login/card number is marked as ‘username’ it would not meet the exception, therefore fail because you have to memorise or transcribe the number.

Cheers,

-Alastair

Received on Thursday, 21 December 2017 14:17:16 UTC