WCAG 2.0 Understanding Page

Intent

This section contains the main explanatory content of the Understanding. It explains why the Guideline or Success Criterion exists and, at a high level, how to meet it.

The intent of this success criterion is to ensure that, if users are able to make use of content they are seeking, they do not encounter a barrier that prevents them from accessing it.

Most user interfaces are designed to help users complete tasks. However, traditionally, web security and privacy technologies intentionally introduce barriers to task completion. They require users to perceive more and to do more to complete tasks.

Many user authentication methods rely upon trying to differentiate between a human, and software (bots) that try to pose as a human. The most common way of trying to make this distinction is by the setting of tasks that rely upon human abilities, and that are almost impossible for software (bots) to perform. These methods can frequently be quite challenging for people who have a high level of relevant ability. For people who have a lower level of relevant ability, an authentication task often presents an insurmountable barrier.

An alternative user authentication method is required for users who are temporarily or permanently unable to use the primary user-authentication method. One important example is where users would be unable to use a primary user authentication method, such as when they do not have a suitable trusted device, or if they are not subscribed to or are unable to access third-party services (often part of user authentication methods), which would meet the criteria for primary user-authentication methods.

The six abilities that are referred to in the alternative success criterion are those that are frequently employed as user authentication methods. The SC asks for the availability of at least one method that does not rely upon any of these abilities being offered.

Benefits

This explains how following the success criterion benefits particular types of users with disabilities.

Without this success criterion, many people cannot use an application or content at all. See Security and Privacy Technologies issue paper for the full description of this issue, and how it stops people from using web services that are often critical. Many people cannot make doctors appointments, etc., by themselves. This may be partly responsible for the reduced life expectancy of people with learning and cognitive disabilities.

With this success criterion, people who are able to use a primary user authentication method will be able to successfully complete a user authentication procedure almost irrespective of the level of their cognitive abilities. Those who have to use an alternative method will be able to successfully complete a user authentication even though they have limited levels of the cognitive abilities specified in the success criterion.

Examples

Examples in Understanding pages are normally simple lists of hand-waving examples. Sometimes, examples are instead provided in sub-sections with headings. In either case, examples should stay high-level and not get into code specifics, which is for techniques.

Example

As a user who has memory impairments and often forgets passwords, I need to be able to use a site, without remembering or copying passwords and user names, so that I can use this service.
As a user who has impairments, I need to be able to use a site without being required to copy items in the correct sequence.
As a user who has weak executive function, I need the login process to be simple, and not multi-step, so that I can use it.
As a symbol user, I need a login process I can use.

Techniques

This section references techniques that can be used to meet the Guideline or Success Criterion. There are sub-sections for sufficient techniques, advisory techniques, and failures.

Within each sub-section, there may be "situations" to describe when a set of techniques need to be considered. Remove the sub-section and heading if situations are not used.
Techniques are provided in an unordered list. Reference techniques by linking to the filename of the technique and using the technique ID as link text. Use unlinked plain text if the technique has not been written yet.
If more than one technique must be used for full sufficiency, list them in the same bullet separated by "AND".
If a general technique requires technology-specific techniques to be implemented, end the bullet with "using" and provide a sub-list of those techniques.
Square brackets indicate optional components.

Remove any parts of the template that are not used, such as the section and heading for situations, sub-lists of techniques, or the "AND" construction. Also remove the square brackets around placeholder optional components.

Sufficient

Techniques that are sufficient to meet the Guideline or Success Criterion.

Situation

ID [AND ID]* [using]
- ID

Advisory

Techniques that are not sufficient by themselves to meet the Guideline or Success Criterion.

Same template as sufficient techniques.

Provide text alternatives that identify and describe the purpose of the non-text content.
- See [[WCAG20]] Guideline 1.1.
Turn off or adjust time limits, including allowing continuation of activity without reauthentication.
- See [[WCAG20]], Guideline 2.2.
Help users avoid and correct mistakes.
- See [[WCAG20]], Guideline 3.3.
Save submitted data for reuse after a user authenticates.
- See [[WCAG20]], Technique G105.
Encode user data as hidden or encrypted in a re-authorization page.
- See[[WCAG20]], Technique G181.

Failure

Techniques that document conditions that would cause the page not to meet the Guideline or Success Criterion, even if sufficient techniques are also used.