Accessible Authentication

Hi,

I was reading over the WCAG 2.2 draft, and I have a couple comments on proposed SC 3.3.7 Accessible Authentication.


  1.  There’s use of the term “username” and “email” somewhat interchangeably between the Intent and Examples section. Are we assuming that emails and username are the same? I know there’s websites that allow for both in case you don’t want your username to be your email.
  2.  There are some websites that force users to complete captcha requirements upon an unsuccessful login to prevent bots from attempting to log in. The paragraph about cognitive function tests under the Intent section would include these. Does this mean we need to make sure that the captchas we are using are the ones with the checkbox and text of “I’m not a robot”, since most other captcha methods would fail this?

Thanks for all the work you’re doing!
Courtney

Received on Friday, 18 September 2020 07:43:21 UTC