> Because if so...this SC would > only prohibit a small number of scenarios (like "enter the first, third > and seventh digit of your secret number" or similar) Also consider the 2 factor cases, where you have to transcribe a 6 digit number in 30 seconds. The aim is to push sites to allow for other methods, such as WebAuth based hardware/OS methods like Windows Hello. > Password managers/UAs can autofill other types of information as well. Yes, but the reliability is not great, and not standardised AFAICT. Sites do strange things to even username/password fields, expanding the range of things that *might* be remembered by browsers /pw-managers doesn't seem like a great approach. Cheers, -AlastairReceived on Sunday, 24 December 2017 00:18:22 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 21:08:19 UTC