RE: Accessible authentication Updates

+1 to the updates.   For New Issue #2 - Making it clear that we are talking about "non-text" content for the user supplied content will be helpful to clarify providing details like "name of first pet" don't fall into that category.

That then seems to indicate that approach can't be used even with the "a method to assist the user" approach - likely because input purpose mechanism under SC 1.3.5 don't support such "purposes" even if copy/paste were supported.  I think it's worth the group agreeing on whether this is the intent or not to be certain we agree.


From: Alastair Campbell <>
Sent: Wednesday, August 17, 2022 7:42 AM
To: WCAG list ( <>
Subject: Accessible authentication Updates

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi everyone,

I separated these off as they form a topic.

From the survey<> we had two Accessible Authentication questions to get agreement on, and two new ones:

2. Clarify Accessible Authentication by including "remembering user names and passwords" in the SC text #2577

Most people agree with the addition, with a couple of suggestions to put it in parenthesise and include at the AAA level. PR 2609<> has been updated to reflect that.

Several people thought that the definition covered this and the update was not needed.

I'd point out that one response appears to have misunderstood the SC and didn't think passwords would be covered, which actually helped to highlight that the update is needed.

Also, we do just the same thing in 4.1.2 where there is a definition, then parenthesise with examples of what is covered.

Does anyone object to PR 2609 which adds: (such as remembering a password or solving a puzzle) to both versions?

3. Editorial update to accessible-auth exception #2608

Tobias made a suggestion which several people agreed with (and doesn't change the meaning), so I've updated PR 2608<> to reflect that.

I also switched it from "The cognitive function tests ask" to "The cognitive function test asks", as the CFT is singular in the rest of the SC.

Any objections to that update?

New issue 1

In the thread of Issue 2592<> EricE proposed to re-structure the SC text so it uses bullet-points for the exceptions AND the alternative  & mechanism aspects.

To keep it aligned with the current meaning I suggested it use a structure more like the alt-text SC:

The question at this point is: Do people think that improves the SC and no-one would object?

If anyone objects we'll shut-down that approach now rather than take time on it, but I couldn't see a problem with it.

New issue 2

I don't think there's a separate issue for it, but in a couple of places people have raised that: identifying content the user has provided to the website could include passwords.

The original intent for this exception was for interfaces where the user provides something like an image, and then the website shows 5 (for example) images and the user has to pick theirs. It was seen as a less difficult cognitive function test because it comes from the user. Anything text related is going to fall more heavily into memorisation part of CFTs.

To resolve this, I'm proposing we remove 'text' from that exception and note. This is implemented in PR 2624<>.

Any objections?

Kind regards,



@alastc /<>

Received on Wednesday, 17 August 2022 14:42:33 UTC