E-mail List Archives
Re: online accessibility and privacy
From: deborah.kaplan
Date: Feb 27, 2015 7:11AM
- Next message: Sailesh Panchang: "Vocation as medical technicians for blind female Braille readers"
- Previous message: Birkir R. Gunnarsson: "Re: online accessibility and privacy"
- Next message in Thread: Terzian, Sharon: "Re: online accessibility and privacy"
- Previous message in Thread: Birkir R. Gunnarsson: "Re: online accessibility and privacy"
- View all messages in this Thread
Birkir R. Gunnarsson wrote:
> web accessibility concerns in the field are not so much directly related to security but more about exclusions.
I think I mentioned this on list last time the question came up,
but password or passphrase-based authentication can be a real
problem for people who use alternative input methods, especially
voice. It is impossible to dictate a password securely in the
presence of other people.
I've tried various workarounds, but all of them have other
security implications. Insecure passwords can be stored in voice
or button macros, but that means that the macro file is
vulnerable. Where the software allows fingerprint-based input, an
individual who has sufficient use of their hands to control a
fingerprint can use that as an alternative, but (1) many people
who can't use keyboards or touchscreens also can't use
fingerprint sensors, and (2) that has legal implications, as the
US courts have maintained that you cannot be forced to input a
password into a device, but you can be forced to unlock by
fingerprint.
The difficulty of entering passwords, passphrases, and security
codes via alternative input methods also means that people who
can't type are less likely to use two factor authentication, thus
making all of their accounts more vulnerable to hacks.
And of course, many of the exclusions that Birkir mentioned for
blind/VI users are also problems for people who use alternative
input methods. If you can't control ATM buttons, how can you type
in your PIN without giving it to somebody else? Any kind of
password/passcode authentication can be much more difficult for
people with limited or no hand control.
As an aside, I'm no expert on cognitive disability, but I would
assume that the current ways we handle password failures,
lockouts, unclear and underspecified character requirements for
new passwords, password expiration, and two factor authentication
are massive cognitive blockers for a lot of people.
Deborah Kaplan
- Next message: Sailesh Panchang: "Vocation as medical technicians for blind female Braille readers"
- Previous message: Birkir R. Gunnarsson: "Re: online accessibility and privacy"
- Next message in Thread: Terzian, Sharon: "Re: online accessibility and privacy"
- Previous message in Thread: Birkir R. Gunnarsson: "Re: online accessibility and privacy"
- View all messages in this Thread