- From: Alastair Campbell <acampbell@nomensa.com>
- Date: Sun, 24 Dec 2017 00:07:52 +0000
- To: "Patrick H. Lauke" <redux@splintered.co.uk>
- CC: Michael Pluke <Mike.Pluke@castle-consult.com>, Andrew Kirkpatrick <akirkpat@adobe.com>, WCAG <w3c-wai-gl@w3.org>
> This SC expressly forbids something from being > done, unless a user is able to use a password manager or similar, It doesn't specify how the user comes up with the username/password/ email etc. It could be with long term memory, or user-agent based, or a piece of paper, or something else. (Yes, I know it says you can't rely on a user transcribing, but that is for the content - from one site-provided place to a site provided input.) > Imagine a web-based (internal) system that can only be accessed on > locked-down terminals. ... Is there any way for this system to > pass the SC without compromising security/removing authentication > altogether? Sure, it could have a username/password and the content doesn't block pasting. The kiosk may not have anything to paste from, there is no user-benefit in that scenario, but the content passes. -Alastair
Received on Sunday, 24 December 2017 00:08:23 UTC