- From: Aaron Armstrong <aaron.armstrong@mailchimp.com>
- Date: Wed, 12 Aug 2020 11:10:51 -0400
- To: public-agwg-comments@w3.org
- Message-ID: <CAEDUjOzjFunjtHS3sXu9+rzvcYjrBfaDrCVH67Nh3wML-6ZRfg@mail.gmail.com>
Hi,

This feedback is re: 3.3.7 Accessible Authentication, which states <https://adrianroselli.com/2020/08/whats-new-in-wcag-2-2.html>: "If an authentication process relies on a cognitive function test, at least one other method must also be available that does not rely on a cognitive function test."

Cognitive function tests include <https://www.w3.org/TR/2020/WD-WCAG22-20200811/#dfn-cognitive-function-test> "memorization, such as remembering a username, password..."

However, the Sufficient Techniques permit <https://www.w3.org/WAI/WCAG21/Understanding/accessible-authentication> "providing a properly marked up email and password inputs."

A couple issues I perceived upon first reading:

1. One criterion mentions "username" and the other mentions "email." Unless the intent is to specifically recommend the use of email addresses and not unique usernames for login purposes, this wording should perhaps be standardized.

2. More importantly, the criteria seem to list user/pass fields as both sufficient login technique and also a cognitive function test. I believe the intent here is to emphasize "properly marked up," which would allow the use of tools like saving login credentials in the browser or using external password managers and bypass the user being required to remember them. If this is the case, I would suggest expanding upon this in the Sufficient Techniques section and making these expectations clear.

I hope this is helpful. Thank you for the work you're doing!

Aaron

Received on Wednesday, 12 August 2020 17:48:15 UTC