RE: Accessible Authentication and issue responses

> Because if so...this SC would 
> only prohibit a small number of scenarios (like "enter the first, third 
> and seventh digit of your secret number" or similar)

Also consider the 2 factor cases, where you have to transcribe a 6 digit number in 30 seconds.

The aim is to push sites to allow for other methods, such as WebAuth based hardware/OS methods like Windows Hello.

> Password managers/UAs can autofill other types of information as well. 

Yes, but the reliability is not great, and not standardised AFAICT. Sites do strange things to even username/password fields, expanding the range of things that *might* be remembered by browsers /pw-managers doesn't seem like a great approach.

Cheers,

-Alastair

Received on Sunday, 24 December 2017 00:18:22 UTC