From @simonw when still at University and loving on Python, at the time thought too quirky for most (ha! now huh?) to the infamous Frank Abagnale when still with the FBI in cybercrimes - passwords should not exist as we enter 2023. Much less 2 factor authentication voice or SMS?
Nov 11, 2022 · 4:55 AM UTC
This is not just a security or privacy concern with mobile numbers, too many passwords stored by browsers, often to cloud services, completely hackable, but to close availability to Web sites - many social, medical, and utility related, well, hello ACCESSIBILITY FAIL #a11y
When we build sites and limit access, it's accessibility. In fact, availability is a synonym - to access something means it must be available to access. This practice of not having alternatives such as email verification or the entire 2 factor - meaning more than one device? WTF?
While 2 factor authentication might be a necessary evil, like CAPTCHA without alternatives to visual only, the site is now not available, not usable, not anything. It might as well be non-existent, and the process of different devices is, for many with #a11y needs? Failure.
If you are in #security #privacy #opsec #webdesign #webdevelopment or any web related profession, please provide alternatives to 2 factor authentication and device specific, vendor driven, not aware or just don't know to go the extra mile for users no matter what? Here's a fact:
A site may use Web protocols but if money or TOS, walled garden. If CAPTCHA or 2 factor with one means to access? Not a site at all if we go by, say, design principles? To paraphrase Sir Tim Berners-Lee, we failed the Web, it did not fail us. What are we doing 33 years on? #A11y
