- From: Patrick H. Lauke <redux@splintered.co.uk>
- Date: Sat, 23 Dec 2017 18:56:04 +0000
- To: w3c-wai-gl@w3.org
On 23/12/2017 18:39, Patrick H. Lauke wrote: > On 23/12/2017 17:15, Alastair Campbell wrote: >> > How would a user be able to use another browser-based or >> extension-based password manager or similar tool on a public terminal, >> for instance? >> >> Same applies to text-modifications, screenreaders and just about any >> AT. This is the content guideline. > > Not quite, I'd argue. This SC expressly forbids something from being > done, unless a user is able to use a password manager or similar, or > there's a "governing statutory requirements". The same cannot be said > for, say, text-modifications. > > Imagine a web-based (internal) system that can only be accessed on > locked-down terminals. The system needs to authenticate users, but at > the same time doesn't allow installation of password managers, or access > to web-based password managers (and even if it did, the user would have > to log into the password manager?). Is there any way for this system to > pass the SC without compromising security/removing authentication > altogether? Or is a way to pass this, in essence: use text fields that don't prevent autofill (i.e. regular text/password input fields), which can in theory be filled in by password managers/the UA? Because if so...this SC would only prohibit a small number of scenarios (like "enter the first, third and seventh digit of your secret number" or similar), and leave any other forms of login/authentication untouched (as, unless an author goes out of their way, fields will be automatically "populatable" by password managers/UAs). And is the exception really only for "name, username, password, identification number, and email address" ? Password managers/UAs can autofill other types of information as well. Would requiring another piece of information, even if it can be autofilled, prevent the exclusion from being applied? P -- Patrick H. Lauke www.splintered.co.uk | https://github.com/patrickhlauke http://flickr.com/photos/redux/ | http://redux.deviantart.com twitter: @patrick_h_lauke | skype: patrick_h_lauke
Received on Saturday, 23 December 2017 18:56:29 UTC