RE: Copy paste for authentication

Hi John,

Currently we allow copy-paste as a mechanism to fill in usernames & passwords on the basis that people's browser/plugin can fill in those inputs automatically.

If it is a well-known issue (to this group) that copy-paste on a mobile device can be difficult or impossible for some people, then I suggest we include something in the understanding document.

E.g. "Where user-agents can perform a copy-paste task automatically you do not need to avoid transcription. However, it should be a 1-step task (e.g. click a button) across the accessibility supported<https://www.w3.org/TR/WCAG22/#dfn-accessibility-supported> technologies."

Does that make sense?

As you'll see from the original thread, it is well covered by password managers, but the mobile scenario for one-time-codes is not as well supported.

I guess one in-between case is where you have the one-time-codes in an app. Is it ok to:

  *   Start authenticating in an app;
  *   Switch to your authenticator app;
  *   Tap on a code to copy it;
  *   Switch back to the app;
  *   Tap on the input an 'paste' the code in.

I think perhaps the fact it is 5 steps answers my own question!

-Alastair


From: Rochford, John <john.rochford@umassmed.edu>
Sent: 15 September 2020 15:52
To: Alastair Campbell <acampbell@nomensa.com>
Cc: public-cognitive-a11y-tf@w3.org; Janina Sajka <janina@rednote.net>
Subject: RE: Copy paste for authentication

Hi Alastair and All,

IMHO, this is an issue of capability. For example, people with intellectual / learning disabilities may be capable of performing the steps needed for copy and paste, but not for inputting numbers, and vice versa. The SC must be inclusive of people with cognitive disabilities with different capabilities.

John

John Rochford
University of Massachusetts Medical School
Eunice Kennedy Shriver Center
Director, INDEX Program
Faculty, Family Medicine & Community Health
www.DisabilityInfo.org
About Me<https://johnrochford.com/?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=plaintext>
EasyText.AI<https://easytext.ai/>
Schedule a meeting with me.<http://bit.ly/CallJR>

Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender immediately and destroy or permanently delete all copies of the original message.

From: Janina Sajka <janina@rednote.net<mailto:janina@rednote.net>>
Sent: Tuesday, September 15, 2020 7:01 AM
To: Alastair Campbell <acampbell@nomensa.com<mailto:acampbell@nomensa.com>>
Cc: public-cognitive-a11y-tf@w3.org<mailto:public-cognitive-a11y-tf@w3.org>
Subject: Re: Copy paste for authentication


I have several accounts that occasionally employ this validation
strategy. In my experience it's most commonly triggered by my bringing
up a new machine with new browsers. This includes my recently acquired
new phone, but also a new PC this summer.

I never use copy and paste on these, personally. I simply remember the 6
digits. That's me. I'm sure that's unreasonable for people with
different disabilities.

I would note, however, that I always have the option to recieve this
code in my choice of media, usually a choice of SMS text, email, or
voice telephone.

I often take the latter as that allows me to position my browser in the
input field as the call is being placed to me and simply type the code
as I hear it on my speaker phone.

Best,

Janina

Alastair Campbell writes:
> Hi folks,
>
> An interesting question has come up about Accessible Authentication.
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fwcag%2Fissues%2F1292&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=jcxKEDNmAYakcmx4G1V3WXVx%2BSBKNlG6G4dDPkDpcrU%3D&amp;reserved=0
>
> The crux of it seems to be: Is copy-pasting a code (e.g. a one-time access code) an issue?
>
> If that is a reliable method for the people this SC is aiming to help, we need to account for that.
>
> >From the experience of individuals in the group (directly or through observation), is copy-pasting a code (e.g. 6 digits) from one app to another a significant barrier?
>
> E.g. if you receive a 6 digit code via SMS, is pasting that into a website (or other app) an issue?
>
> Kind regards,
>
> -Alastair
>
> --
>
> @alastc / https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nomensa.com%2F&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=st4MHcXEQF6%2FiAc80Sro1FNPplo3Cee83JVeuuumB2g%3D&amp;reserved=0<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nomensa.com%2F&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=st4MHcXEQF6%2FiAc80Sro1FNPplo3Cee83JVeuuumB2g%3D&amp;reserved=0<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nomensa.com%2F&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=st4MHcXEQF6%2FiAc80Sro1FNPplo3Cee83JVeuuumB2g%3D&amp;reserved=0%3chttps://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nomensa.com%2F&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=st4MHcXEQF6%2FiAc80Sro1FNPplo3Cee83JVeuuumB2g%3D&amp;reserved=0>>
>
>

--

Janina Sajka
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkedin.com%2Fin%2Fjsajka&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=1urHhqeRwAEvH7i6y8gIElDYTERCOc%2BrG59PCwtWG8k%3D&amp;reserved=0

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:       https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org%2F&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=H%2BzbpL1GS%2Bu74FSNVdMNsotH0RIrxFgZd9FpCEgdAtg%3D&amp;reserved=0

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures     https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjohn.rochford%40umassmed.edu%7C300db8760e874960795e08d8596f1a6d%7Cee9155fe2da34378a6c44405faf57b2e%7C0%7C0%7C637357681005714783&amp;sdata=ZTnqxXQrTSQQohPtokk3IFex65DxSjTWQc25kGmLaE4%3D&amp;reserved=0

Received on Tuesday, 15 September 2020 16:23:20 UTC