W3C home > Mailing lists > Public > public-agwg-comments@w3.org > August 2020

WCAG 2.2 feedback

From: Aaron Armstrong <aaron.armstrong@mailchimp.com>
Date: Wed, 12 Aug 2020 11:10:51 -0400
Message-ID: <CAEDUjOzjFunjtHS3sXu9+rzvcYjrBfaDrCVH67Nh3wML-6ZRfg@mail.gmail.com>
To: public-agwg-comments@w3.org
Hi,

This feedback is re: 3.3.7 Accessible Authentication, which states
<https://adrianroselli.com/2020/08/whats-new-in-wcag-2-2.html>: "If an
authentication process relies on a cognitive function test, at least one
other method must also be available that does not rely on a cognitive
function test." Cognitive function tests include
<https://www.w3.org/TR/2020/WD-WCAG22-20200811/#dfn-cognitive-function-test>
"memorization,
such as remembering a username, password..."

However, the Sufficient Techniques permit
<https://www.w3.org/WAI/WCAG21/Understanding/accessible-authentication>
"providing
a properly marked up email and password inputs."

A couple issues I perceived upon first reading:

   1. One criteria mentions "username" and the other mentions "email."
   Unless the intent is to specifically recommend the use of email addresses
   and not unique usernames for login purposes, this wording should perhaps be
   standardized.
   2. More importantly, the criteria seem to list user/pass fields as both
   sufficient login technique and also a cognitive function test. I believe
   the intent here is to emphasize "properly marked up," which would allow the
   use of tools like saving login credentials in the browser or using external
   password managers and bypass the user being required to remember them. If
   this is the case, I would suggest expanding upon this in the Sufficient
   Techniques section and making these expectations clear.

I hope this is helpful. Thank you for the work you're doing!
Aaron
Received on Wednesday, 12 August 2020 17:48:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 12 August 2020 17:48:16 UTC