WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: RSA SecurID authenticators and Section 508

for

Number of posts in this thread: 2 (In chronological order)

From: Claudia.Case@wellsfargo.com
Date: Mon, Feb 16 2009 12:10PM
Subject: RSA SecurID authenticators and Section 508
No previous message | Next message →

Can someone tell me which part of Section 508 I should be looking at to
check the accessibility standards for an RSA SecurID authenticator?



For those who are unfamiliar with these gadgets, a SecurID authenticator
is small hand-held device that displays a randomly generated security
token. Typically, when an application requires a SecurID token, the
user is asked to look at the SecurID device to find the current token
key and then type key into a form on their computer screen, along with
the user's password.



Here is a link to the product page for this device:

http://www.rsa.com/node.aspx?id=1156



Thanks,

Claudia Case



Claudia Alden Case

Accessibility Auditor / User Experience Consultant | Wells Fargo
Bank

email: = EMAIL ADDRESS REMOVED = <mailto: = EMAIL ADDRESS REMOVED = >
| phone: (415) 371-4760

<http://aldencase.com/>;

From: Jon Gibbins
Date: Thu, Feb 19 2009 10:05AM
Subject: Re: RSA SecurID authenticators and Section 508
← Previous message | No next message

Hi Claudia,

Disclaimer: I'm not an expert on Section 508. These comments are from
what I have observed of the Section 508 standards, but not in any
practical context.

The RSA SecurID devices fail the Functional Performance Criteria
(Subpart C) under section 1194.31:
http://www.section508.gov/index.cfm?FuseAction=content&;ID=12#Functional

As they provide a purely visual output on an LCD screen, an accessible
alternative should be offered.

Also, I guess what you are looking at is a "self contained, closed
product" which under Section 508 "shall be usable by people with
disabilities without requiring an end-user to attach assistive
technology to the product", from Section 1194.25 (a):
http://www.section508.gov/index.cfm?FuseAction=content&;ID=12#Self

The devices also display time-sensitive codes, so you may also find the
device falls under Section 1194.25 (b).

Incidentally, I posted some of my own thoughts about these devices when
my bank announced that they were going to begin using them:
http://www.flickr.com/photos/dotjay/1055565994/

Jon


= EMAIL ADDRESS REMOVED = wrote:
> Can someone tell me which part of Section 508 I should be looking at to
> check the accessibility standards for an RSA SecurID authenticator?
>
>
>
> For those who are unfamiliar with these gadgets, a SecurID authenticator
> is small hand-held device that displays a randomly generated security
> token. Typically, when an application requires a SecurID token, the
> user is asked to look at the SecurID device to find the current token
> key and then type key into a form on their computer screen, along with
> the user's password.
>
>
>
> Here is a link to the product page for this device:
>
> http://www.rsa.com/node.aspx?id=1156
>
>
>
> Thanks,
>
> Claudia Case
>
>
>
> Claudia Alden Case
>
> Accessibility Auditor / User Experience Consultant | Wells Fargo
> Bank
>
> email: = EMAIL ADDRESS REMOVED = <mailto: = EMAIL ADDRESS REMOVED = >
> | phone: (415) 371-4760
>
> <http://aldencase.com/>;
>
>
>
>