WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: Accessible authentication and "transcription"

for

From: Peter Bossley
Date: Oct 8, 2023 5:49PM

Note that if the code is only valid for a short period of time e.g. 30 seconds like some TOTPs that might be too short to be a valid argument under the copy - paste theory. This is something that I've raised as something the working group should clarify.


-----Original Message-----
From: WebAIM-Forum < <EMAIL REMOVED> > On Behalf Of Patrick H. Lauke
Sent: Sunday, October 8, 2023 3:27 PM
To: <EMAIL REMOVED>
Subject: Re: [WebAIM] Accessible authentication and "transcription"


On 08/10/2023 20:19, Damon van Vessem wrote:
> Greetings,
>
> I have a question about 3.3.8 Accessible Authentication (AA), specifically
> about “transcribing” information. Let’s say a user is trying to sign in on
> their laptop and a 2-factor mechanism requires them to use one-time code
> received/generated on their phone. Is this an acceptable solution, since it
> requires them to type (transcribe?) the code on their laptop?

If they can only transcribe it manually, then that fails. There is some
gray area around the idea that they can potentially copy it on device,
then transfer it to their machine (for instance, emailing it over, or
with OS integrations that let you have a shared clipboard between devices).

P
--
Patrick H. Lauke

https://www.splintered.co.uk/ | https://github.com/patrickhlauke
https://flickr.com/photos/redux/ | https://www.deviantart.com/redux
https://mastodon.social/@patrick_h_lauke | skype: patrick_h_lauke