COGA action requested: please review draft response to Accessible Authentication show password issue

Hello COGA task force,

We discussed a new response from COGA to SC 3.3.7 Accessible Authentication
- add requirement / control to "show password" for end-users #1912
<https://github.com/w3c/wcag/issues/1912>. Since the discussion was going
long, we decided that I would try to draft a response and share it with the
group for comment.

The new draft response is ready for your comments below. You can also
review and suggest edits or make comments on the Google Doc version
<https://docs.google.com/document/d/1SmAbdQG-ei1DrWewx61YX93gGsHUo_VM15-FDLlnP9M/edit#heading=h.o49dk19joyzp>
if that is easier.

Thank you,

Rain


For context, our response to the original issue
<https://github.com/w3c/wcag/issues/1912#issue-923218389>:

As COGA, we recommend that there should be a feature that is a toggle that
says “show password/hide password” that enables the user to see their
password as they enter it. At the same time, this is something that should
be in the understanding document. This is technically not a cognitive
function test, which is what the SC is about.

Summary of responses since ours:

   -

   Alastair and Jake still felt it should be a new requirement
   -

   Patrick felt that it would be okay to add it to the understanding
   document as long as it was clear it was a best practice or suggestion and
   not required to pass the success criterion
   -

   Alastair proposed adding this text to the understanding document: “Another
   factor that can improve the chances of success for people with cognitive
   disabilities is being able to see the password as it is typed. Password
   visibility is not a requirement of this criterion, but a good way of
   reducing the cognitive load, so including a feature to optionally show the
   password is very helpful.”
   -

   On our COGA TF call, we had concerns about the use of the word
   “helpful,” how this relates to “transcription” as a cognitive function
   test, and whether this was going in the wrong direction.

Proposed new response following our COGA TF meeting:

This is a combined response from the COGA Task Force: After reading the
responses since our last comment (posted on June 24), we feel more strongly
now that this should be a requirement, but we also feel that it is not a new
requirement, and should, instead, be part of this one.

We have come to this conclusion after re-reading the functional definition
of a cognitive function test
<https://www.w3.org/TR/WCAG22/#dfn-cognitive-function-test>, which clearly
includes transcribing characters.

SC 3.3.7 Accessible Authentication
<https://www.w3.org/TR/WCAG22/#accessible-authentication> reads “For each
step in an authentication process that relies on a cognitive function test,
at least one other authentication method is available that does not rely on
a cognitive function test, or a mechanism is available to assist the user
in completing the cognitive function test.”

The challenge is that for some individuals with cognitive disabilities,
password visibility may be essential. To frame it from a user perspective:
I need to see the password as I type it, and I need to see the password
after I type it with time to review.

We (the COGA task force) realize that this is a challenging request and has
a lot of implications. Please advise on next steps so that we can help
bring this to resolution.

What you, COGA task force member, need to do:

Please either +1 or -1 this proposed new response. If -1, please indicate
why and what you would like us to do instead. If possible, please respond
before July 3 so that we can post our response before many are gone for the
holidays.

Thank you,

Rain

Received on Thursday, 1 July 2021 19:57:42 UTC