Strategies: An Inclusive Authentication Framework
Natã M. Barbosa · 2014 · ASSETS '14: Proceedings of the 16th International ACM SIGACCESS Conference on Computers & Accessibility · doi:10.1145/2661334.2661413
Summary
This short paper proposes an interaction workflow for accessible web authentication designed to reduce the difficulties people with disabilities face when logging into websites. The framework aims to be secure, scalable, deployable, privacy-preserving, and usable for everyone—without requiring service providers to know the user's specific disability. The system uses a mobile device (smartphone) as a mediator between the user and web services. A JavaScript API in the browser communicates with the user's phone, which selects a "suitable mechanism" for authentication that is compatible with the user's abilities. This mechanism could leverage biometrics or other mobile device capabilities such as voice, face recognition, gesture, gait, accelerometer, camera, or GPS to prove identity.
Key findings
The framework defines two workflows. For first-time authentication: the browser requests device approval, a unique token is sent to the user's phone via a suitable communication mechanism (potentially guessed by machine learning from usage profiles), the user enters credentials on the phone, and these are stored locally for subsequent use. For subsequent authentication: the process is streamlined—the phone detects a token, retrieves stored credentials, and submits them automatically through the API, requiring only that the user confirm identity through their chosen mechanism. The key design principle is that the authentication mechanism adapts to the user rather than requiring the user to adapt to the mechanism. The framework is extensible, allowing new strategies to be added for different disability types.
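The two workflows above, modeled as an added JavaScript example (not code from the paper or its author). All class, method and field names, the single-use token rule, and storing credentials only after a successful first login are assumptions made for illustration.

```javascript
// Added illustration: every class, method and field name here is hypothetical.
class Service {
  constructor(users, newToken = () => globalThis.crypto.randomUUID()) {
    this.users = users;        // username -> password (constructed sample data)
    this.pending = new Set();  // tokens issued but not yet redeemed
    this.newToken = newToken;
    this.seen = [];            // field names of each request, for the privacy check
  }
  issueToken() { const t = this.newToken(); this.pending.add(t); return t; }
  submit(request) {
    this.seen.push(Object.keys(request).sort().join(","));
    const { token, username, password } = request;
    // Assumption: a token is redeemable once, so a captured one cannot be replayed.
    if (!this.pending.delete(token)) return false;
    return this.users.has(username) && this.users.get(username) === password;
  }
}
class Phone {
  constructor(confirmIdentity) {
    this.confirmIdentity = confirmIdentity; // user's chosen mechanism, never leaves the phone
    this.vault = new Map();                 // origin -> credentials, stored locally
  }
  // First-time workflow: the user types credentials on the phone.
  firstLogin(service, origin, token, creds) {
    const ok = service.submit({ token, ...creds });
    if (ok) this.vault.set(origin, creds); // assumption: keep only credentials that worked
    return ok;
  }
  // Subsequent workflow: stored credentials are released only after confirmation.
  login(service, origin, token) {
    const creds = this.vault.get(origin);
    if (!creds || !this.confirmIdentity()) return false;
    return service.submit({ token, ...creds });
  }
}

function demo() {
  let n = 0; // deterministic tokens for the demo only; the default uses a CSPRNG
  const service = new Service(new Map([["alice", "constructed-password"]]), () => `tok-${++n}`);
  const phone = new Phone(() => true); // stands in for voice, face, gesture, ...
  const origin = "https://service.example";
  const creds = { username: "alice", password: "constructed-password" };
  const t1 = service.issueToken();
  const first = phone.firstLogin(service, origin, t1, creds);
  const replay = service.submit({ token: t1, ...creds }); // same token again
  const second = phone.login(service, origin, service.issueToken());
  phone.confirmIdentity = () => false; // user fails or declines the check
  const denied = phone.login(service, origin, service.issueToken());
  return { first, replay, second, denied, seen: [...new Set(service.seen)] };
}
```

The `seen` list records which fields reached the service, which is the property behind the privacy claim: the confirmation mechanism is evaluated on the phone and is never part of a request.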
Relevance
Authentication is a significant and often overlooked accessibility barrier. CAPTCHAs, complex password requirements, and multi-factor authentication workflows frequently exclude people with various disabilities—visual impairments make CAPTCHAs impossible, motor impairments make complex password entry difficult, and cognitive disabilities make multi-step processes confusing. This framework proposes shifting authentication to the user's own device, where interaction can be tailored to their abilities. For web developers and accessibility practitioners, the privacy-preserving aspect is particularly important: the system does not require disclosing disability status to service providers. While this is an early-stage proposal without evaluation results, it identifies a real gap in accessible web design and sketches a promising architectural approach using device-based biometric authentication.
Tags: authentication · web accessibility · privacy · security · inclusive design · biometrics · mobile devices