RE: CFC - Accessible Authentication and issue responses (-1, objection)

Hi David,

My responses are within your message text below.

John

John Rochford<http://bit.ly/profile-rj>
UMass Medical School/E.K. Shriver Center
Director, INDEX Program
Instructor, Family Medicine & Community Health
www.DisabilityInfo.org
Twitter: @ClearHelper<https://twitter.com/clearhelper>

Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender immediately and destroy or permanently delete all copies of the original message.

From: David MacDonald [mailto:david100@sympatico.ca]
Sent: Sunday, December 31, 2017 8:29 AM
To: lisa.seeman <lisa.seeman@zoho.com>
Cc: Rochford, John <john.rochford@umassmed.edu>; WCAG <w3c-wai-gl@w3.org>; Andrew Kirkpatrick <akirkpat@adobe.com>
Subject: Re: CFC - Accessible Authentication and issue responses (-1, objection)

Hi John

I've read through the study I believe you are referring to in “Clinical Assessment, Computerized Methods, and Instrumentation” by F.J. Maarse, L.J.M. Mulder, A.N. Brand, A.E. Akkerman.

John: I am impressed and pleased you reviewed the study in detail.

It is an interesting study. It appears to me that all of the participants in the study were able to complete the task of copying numbers. There were no brick walls in this particular study.

The Inter Response Intervals (IRI) were longer for those with short term memory loss it also found that as the exercise is repeated the digits shift from short term to long term memory and response times become quicker.

John: A reasonable corollary then is that practice with a set of numbers (password) is needed to quickly enter it.

Therefore it is reasoned that the IRI can be used to measure short term memory capacity.
The variation in IRI was from 400ms to 1100 ms. This is the amount of time taken between typing one number and the next. In this study there were 5 numbers in each string.

If there were 20 numbers in the string which is the outer limit of most passwords, I think it could be reasoned that the slowest participant would have taken 2200 ms or 22 seconds give that they were memorizing one number at a time and copying it.

John: Even if so, it’s unlikely the “slowest participant” could achieve that without prior practice (repetition).

It appears to me from this study that the issue is not about the inability to copy digits, but rather how long it takes to copy. The important concern appears to be about *how long* a user has to enter the number. Would it make sense that this become the requirement for this SC... that users have enough time to enter the information, and if so, is it not covered in SC 2.2.1 "timing adjustable" which requires that users have up to 10 times the default of any timed event, including password entry?

If the proposal is that it is not possible to hold one number in short term memory, and therefore transcribing is a brick wall, then I think we need another study to demonstrate that, as in this one all participants could transcribe the numbers.

John: It seems your example assumes a user has already engaged in the practice needed to enter a password quickly. Also, it may not take into account the burden of practice for multiple passwords. I think our SC must not have these dependencies.

Cheers,
David MacDonald



CanAdapt Solutions Inc.

Tel:  613.235.4902

LinkedIn
<http://www.linkedin.com/in/davidmacdonald100>

twitter.com/davidmacd<http://twitter.com/davidmacd>

GitHub<https://github.com/DavidMacDonald>

www.Can-Adapt.com<http://www.can-adapt.com/>



  Adapting the web to all users
            Including those with disabilities

If you are not the intended recipient, please review our privacy policy<http://www.davidmacd.com/disclaimer.html>

On Sun, Dec 31, 2017 at 6:37 AM, lisa.seeman <lisa.seeman@zoho.com<mailto:lisa.seeman@zoho.com>> wrote:
0

I am happy to see this in WCAG but I am objecting to the level AAA

This is a complete block for many people with disabilities. It is implementable and testable, and therefor should be level A.


All the best

Lisa Seeman

LinkedIn<http://il.linkedin.com/in/lisaseeman/>, Twitter<https://twitter.com/SeemanLisa>



---- On Fri, 22 Dec 2017 18:26:26 +0200 Rochford<john.rochford@umassmed.edu<mailto:john.rochford@umassmed.edu>> wrote ----
Hi All,

-1 for me.

Recalling and transcribing information involve working memory. People with cognitive disabilities suffer from deficits in short term and long term working memory. They cannot even copy information because, by the time they look away from the input field, look at the info, then look back to the input field, they have forgotten the information.

For empirical evidence, see “Clinical Assessment, Computerized Methods, and Instrumentation<https://books.google.com/books?hl=en&lr=&id=lcJ4AgAAQBAJ&oi=fnd&pg=PP1&dq=Clinical+Assessment,+Computerized+Methods,+and+Instrumentation+%2BMaarse&ots=Af_VcE3m6C&sig=5bhGxDliGUes9JP_eaTi-oN2n90#v=onepage&q=Clinical%20Assessment%2C%20Computerized%20Methods%2C%20and%20Instrumentation%20%2BMaarse&f=false>” by F.J. Maarse, L.J.M. Mulder, A.N. Brand, A.E. Akkerman.

John

John Rochford<http://bit.ly/profile-rj>
UMass Medical School/E.K. Shriver Center
Director, INDEX Program
Instructor, Family Medicine & Community Health
www.DisabilityInfo.org<http://www.DisabilityInfo.org>
Twitter: @ClearHelper<https://twitter.com/clearhelper>

Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential, proprietary, and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender immediately and destroy or permanently delete all copies of the original message.

From: David MacDonald [mailto:david100@sympatico.ca<mailto:david100@sympatico.ca>]
Sent: Friday, December 22, 2017 10:13 AM
To: Katie Haritos-Shea <ryladog@gmail.com<mailto:ryladog@gmail.com>>
Cc: Wilcock, Mark <mark.wilcock@atos.net<mailto:mark.wilcock@atos.net>>; WCAG <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Subject: Re: CFC - Accessible Authentication and issue responses

+1


Cheers,
David MacDonald



CanAdapt Solutions Inc.

Tel:  613.235.4902<tel:(613)%20235-4902>

LinkedIn
<http://www.linkedin.com/in/davidmacdonald100>

twitter.com/davidmacd<http://twitter.com/davidmacd>

GitHub<https://github.com/DavidMacDonald>

http://www.can-adapt.com/




  Adapting the web to all users
            Including those with disabilities

If you are not the intended recipient, please review our privacy policy<http://www.davidmacd.com/disclaimer.html>

On Fri, Dec 22, 2017 at 9:00 AM, Katie Haritos-Shea <ryladog@gmail.com<mailto:ryladog@gmail.com>> wrote:
+1

On Dec 22, 2017 5:41 AM, "Wilcock, Mark" <mark.wilcock@atos.net<mailto:mark.wilcock@atos.net>> wrote:
+1

From: Andrew Kirkpatrick [mailto:akirkpat@adobe.com<mailto:akirkpat@adobe.com>]
Sent: 22 December 2017 04:55
To: WCAG <w3c-wai-gl@w3.org<mailto:w3c-wai-gl@w3.org>>
Subject: CFC - Accessible Authentication and issue responses
Importance: High

Call For Consensus — ends Tuesday January 2nd at 11:45PM Boston time.

The Working Group has discussed a change to the note in the Accessible Authentication SC.

The specific changes are detailed in this pull request (https://github.com/w3c/wcag21/pull/646)  and can be viewed at http://rawgit.com/w3c/wcag21/accessible-authentication-update/guidelines/index.html#accessible-authentication.


Issue responses: https://www.w3.org/WAI/GL/wiki/2-2-6_Revision


 Call minutes: https://www.w3.org/2017/12/21-ag-minutes.html#item03


If you have concerns about this proposed consensus position that have not been discussed already and feel that those concerns result in you “not being able to live with” this decision, please let the group know before the CfC deadline.

Thanks,
AWK

Andrew Kirkpatrick
Group Product Manager, Accessibility
Adobe

akirkpat@adobe.com<mailto:akirkpat@adobe.com>
http://twitter.com/awkawk<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2Fawkawk&data=02%7C01%7C%7C54093524ef264326424008d51cd66c05%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636446629619786436&sdata=c5UP0xiniJIppvd6Esu1XA%2FbX1ykpABkhgCCmBp%2Fht8%3D&reserved=0>



Atos, Atos Consulting, Worldline and Canopy The Open Cloud Company are trading names used by the Atos group. The following trading entities are registered in England and Wales: Atos IT Services UK Limited (registered number 01245534), Atos Consulting Limited (registered number 04312380), Atos Worldline UK Limited (registered number 08514184) and Canopy The Open Cloud Company Limited (registration number 08011902). The registered office for each is at 4 Triton Square, Regent’s Place, London, NW1 3HG.The VAT No. for each is: GB232327983.

This e-mail and the documents attached are confidential and intended solely for the addressee, and may contain confidential or privileged information. If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it. Please notify the sender immediately and delete this email from your systems. As emails may be intercepted, amended or lost, they are not secure. Atos therefore can accept no liability for any errors or their content. Although Atos endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted. The risks are deemed to be accepted by everyone who communicates with Atos by email.