
Re: Accessible Authentication and issue responses

From: Patrick H. Lauke <redux@splintered.co.uk>
Date: Sun, 24 Dec 2017 01:36:48 +0000
Cc: WCAG <w3c-wai-gl@w3.org>
Message-ID: <44f123d2-b39a-62c2-189f-007b4ee372a4@splintered.co.uk>

On 24/12/2017 00:07, Alastair Campbell wrote:
>> This SC expressly forbids something from being
>> done, unless a user is able to use a password manager or similar,
> It doesn't specify how the user comes up with the username/password/email etc.
> It could be with long term memory, or user-agent based, or a piece of paper, or something else. (Yes, I know it says you can't rely on a user transcribing, but that is for the content - from one site-provided place to a site-provided input.)

This aspect (of the copying from a piece of paper, or presumably then 
from another handheld device) isn't clear from the normative language.

Is this "copying" related to CAPTCHAs? Because again, this is a separate 
issue I'd argue, not an authentication one. It's a "challenge" rather 
than "authentication".

>> Imagine a web-based (internal) system that can only be accessed on
>> locked-down terminals. ... Is there any way for this system to
>> pass the SC without compromising security/removing authentication
>> altogether?
> Sure, it could have a username/password and the content doesn't block pasting.
> The kiosk may not have anything to paste from, there is no user-benefit in that scenario, but the content passes.

Hoping that this gets very explicitly mentioned as an example in 
understanding then. Maybe it even warrants a note in the normative 
language, to talk about user agent/environment limitations? As well as 
an explanation somewhere what "governing statutory requirements" are in 
this context.

Patrick H. Lauke

www.splintered.co.uk | https://github.com/patrickhlauke
http://flickr.com/photos/redux/ | http://redux.deviantart.com
twitter: @patrick_h_lauke | skype: patrick_h_lauke
Received on Sunday, 24 December 2017 01:37:13 UTC
