Accessible authentication Updates

Hi everyone,

I separated these off as they form a topic.

From the survey we had two Accessible Authentication questions to get agreement on, and two new ones:

2. Clarify Accessible Authentication by including "remembering user names and passwords" in the SC text #2577

Most people agree with the addition, with a couple of suggestions to put it in parentheses and include at the AAA level. PR 2609 has been updated to reflect that.

Several people thought that the definition covered this and the update was not needed.

I’d point out that one response appears to have misunderstood the SC and didn’t think passwords would be covered, which actually helped to highlight that the update is needed.

Also, we do just the same thing in 4.1.2 where there is a definition, then parentheses with examples of what is covered.

Does anyone object to PR 2609 which adds: (such as remembering a password or solving a puzzle) to both versions?

3. Editorial update to accessible-auth exception #2608

Tobias made a suggestion which several people agreed with (and doesn’t change the meaning), so I’ve updated PR 2608 to reflect that.

I also switched it from “The cognitive function tests ask” to “The cognitive function test asks”, as the CFT is singular in the rest of the SC.

Any objections to that update?

New issue 1

In the thread of Issue 2592 EricE proposed to re-structure the SC text so it uses bullet-points for the exceptions AND the alternative & mechanism aspects.

To keep it aligned with the current meaning I suggested it use a structure more like the alt-text SC:

The question at this point is: Do people think that improves the SC and no-one would object?

If anyone objects we’ll shut down that approach now rather than take time on it, but I couldn’t see a problem with it.

New issue 2

I don’t think there’s a separate issue for it, but in a couple of places people have raised that: identifying content the user has provided to the website could include passwords.

The original intent for this exception was for interfaces where the user provides something like an image, and then the website shows 5 (for example) images and the user has to pick theirs. It was seen as a less difficult cognitive function test because it comes from the user. Anything text related is going to fall more heavily into the memorisation part of CFTs.

To resolve this, I’m proposing we remove ‘text’ from that exception and note. This is implemented in PR 2624.

Any objections?

Kind regards,



@alastc

Received on Wednesday, 17 August 2022 11:42:25 UTC