Re: COGA action requested: please review draft response to Accessible Authentication show password issue from Lisa Seeman on 2021-07-07 (public-cognitive-a11y-tf@w3.org from July 2021)

From: Lisa Seeman <lisa1seeman@gmail.com>
Date: Wed, 7 Jul 2021 10:50:35 +0300
To: Rain Michaels <rainb@google.com>
Cc: public-cognitive-a11y-tf <public-cognitive-a11y-tf@w3.org>
Message-ID: <CAKExBMK9v5A_VDZ-URb9Oi7W9ZTf_TBOFdSemXw2p2qZcqFEbA@mail.gmail.com>

I am not sure I am following but I strongly disagree with diluting the
wording of accessible authentication to allow crazy , non paistable
password ID combinations to be allowed just because you can view the
password.


Is that the proposal? My current bank has that and I have to call my
accountant to login for me on a regular basis!
It helps but anther mechanism is much better!

All the best
Lisa

On Thu, Jul 1, 2021 at 10:57 PM Rain Michaels <rainb@google.com> wrote:

> Hello COGA task force,
>
> We discussed a new response from COGA to SC 3.3.7 Accessible
> Authentication - add requirement / control to "show password" for end-users
> #1912 <https://github.com/w3c/wcag/issues/1912>. Since the discussion was
> going long, we decided that I would try to draft a response and share it
> with the group for comment.
>
> The new draft response is ready for your comments below. You can also
> review and suggest edits or make comments on the Google Doc version
> <https://docs.google.com/document/d/1SmAbdQG-ei1DrWewx61YX93gGsHUo_VM15-FDLlnP9M/edit#heading=h.o49dk19joyzp>
> if that is easier.
>
> Thank you,
>
> Rain
>
>
> For context, our response to the original issue
> <https://github.com/w3c/wcag/issues/1912#issue-923218389>:
>
> As COGA, we recommend that there should be a feature that is a toggle that
> says “show password/hide password” that enables the user to see their
> password as they enter it. At the same time, this is something that should
> be in the understanding document. This is technically not a cognitive
> function test, which is what the SC is about.
>
> Summary of responses since ours:
>
>    -
>
>    Alastair and Jake still felt it should be a new requirement
>    -
>
>    Patrick felt that it would be okay to add it to the understanding
>    document as long as it was clear it was a best practice or suggestion and
>    not required to pass the success criterion
>    -
>
>    Alastair proposed adding this text to the understanding document: “Another
>    factor that can improve the chances of success for people with cognitive
>    disabilities is being able to see the password as it is typed. Password
>    visibility is not a requirement of this criterion, but a good way of
>    reducing the cognitive load, so including a feature to optionally show the
>    password is very helpful.”
>    -
>
>    On our COGA TF call, we had concerns about the use of the word
>    “helpful,” how this relates to “transcription” as a cognitive function
>    test, and whether this was going in the wrong direction.
>
> Proposed new response following our COGA TF meeting:
>
> This is a combined response from the COGA Task Force: After reading the
> responses since our last comment (posted on June 24), we feel more strongly
> now that this should be a requirement, but we also feel that it is not a
> new requirement, and should, instead, be part of this one.
>
> We have come to this conclusion after re-reading the functional
> definition of a cognitive function test
> <https://www.w3.org/TR/WCAG22/#dfn-cognitive-function-test>, which
> clearly includes transcribing characters.
>
> SC 3.3.7 Accessible Authentication
> <https://www.w3.org/TR/WCAG22/#accessible-authentication> reads “For each
> step in an authentication process that relies on a cognitive function test,
> at least one other authentication method is available that does not rely on
> a cognitive function test, or a mechanism is available to assist the user
> in completing the cognitive function test.”
>
> The challenge is that for some individuals with cognitive disabilities,
> password visibility may be essential. To frame it from a user perspective:
> I need to see the password as I type it, and I need to see the password
> after I type it with time to review.
>
> We (the COGA task force) realize that this is a challenging request and
> has a lot of implications. Please advise on next steps so that we can help
> bring this to resolution.
>
> What you, COGA task force member, need to do:
>
> Please either +1 or -1 this proposed new response. If -1, please indicate
> why and what you would like us to do instead. If possible, please respond
> before July 3 so that we can post our response before many are gone for the
> holidays.
>
> Thank you,
>
> Rain
>
>
>

Received on Wednesday, 7 July 2021 07:59:51 UTC