Re: some questions: : working on re-authentication

> as worded - the logic is circular.

I don't understand why you think that?

> the "if not block" should be a technique not a requirement or exception.

Some sites intentionally block user-agents from filling in form fields, how would you phrase it? As far as I can tell, we have to provide a short list of things that we except from the no-recall/transcribe requirement in order to both help users, and make it feasible.

  *   have to give personal (very personal) info to every Tom, Dick and Harry website

You know you can use username/password? How is that different from every site now? There is a short list of items we can rely on people entering (bypassing the no-recall/transcribe requirement). Those should not be the only method, they are part of alternative methods.

  *   you need to use biometrics - and the author of a webpage cannot know if biometrics are available on the other end (and in fact they are NOT available on the other end much of the time)

You don't have to use biometrics, but if a site set up that facility, it would know it was available. It would work on a per-account basis, so as long as the user can enter their username (or equivalent) identifying information, the site can provide the 2nd factor they have set up.


Received on Sunday, 24 December 2017 08:07:03 UTC