
RE: Accessible Authentication and issue responses

From: Alastair Campbell <acampbell@nomensa.com>
Date: Sun, 24 Dec 2017 00:07:52 +0000
To: "Patrick H. Lauke" <redux@splintered.co.uk>
CC: Michael Pluke <Mike.Pluke@castle-consult.com>, Andrew Kirkpatrick <akirkpat@adobe.com>, WCAG <w3c-wai-gl@w3.org>
Message-ID: <DB6PR0901MB091955C34B021E3F4C0BE3DEB9000@DB6PR0901MB0919.eurprd09.prod.outlook.com>

> This SC expressly forbids something from being
> done, unless a user is able to use a password manager or similar, 

It doesn't specify how the user comes up with the username/password/email etc.

It could be with long term memory, or user-agent based, or a piece of paper, or something else. (Yes, I know it says you can't rely on a user transcribing, but that is for the content - from one site-provided place to a site-provided input.)


> Imagine a web-based (internal) system that can only be accessed on 
> locked-down terminals. ... Is there any way for this system to 
> pass the SC without compromising security/removing authentication 
> altogether?

Sure, it could have a username/password and the content doesn't block pasting. 
The kiosk may not have anything to paste from, there is no user-benefit in that scenario, but the content passes. 

-Alastair
Received on Sunday, 24 December 2017 00:08:23 UTC
