Re: Accessible authentication Updates from Gregg Vanderheiden on 2022-08-22 (w3c-wai-gl@w3.org from July to September 2022)

From: Gregg Vanderheiden <gregg@vanderheiden.us>
Date: Mon, 22 Aug 2022 08:52:57 -0700
To: Alastair Campbell <acampbell@nomensa.com>
Cc: "w3c-waI-gl@w3. org" <w3c-wai-gl@w3.org>
Message-Id: <620EC0C3-A473-4727-A055-B51BE2D8C5A5@vanderheiden.us>

No objection — but we should include a note that "allowing passwords to be pasted in - does not require that the person remember a password"    or some other wording that 
a) does not sound like we just suddenly are not allowing any passwords to be use on the web (that will create a quick firestorm) and 
b) stops the practice of blocking the pasting of passwords into a field (thus requiring a heavy cognitive memory task that can be very difficult for many really good strong passwords) 




Gregg Vanderheiden
gregg@vanderheiden.us



> On Aug 22, 2022, at 2:09 AM, Alastair Campbell <acampbell@nomensa.com> wrote:
> 
> Hi everyone,
>  
> I don’t think we’ve had any concerns about these updates, but I’ll state them concisely here.
>  
> Firstly, some fairly editorial updates:
>  
> 2. Clarify Accessible Authentication by including "remembering user names and passwords" in the SC text #2577  <>
>  
> Most people agree with the addition, with a couple of suggestions to put it in parenthesise and include at the AAA level. PR 2609 <https://github.com/w3c/wcag/pull/2609/files> has been updated to reflect that.
>  
> There was a concern about the term “cognitive function test”, but for want of a better alternative, they could live with it.
>  
> Does anyone object to PR 2609 <https://github.com/w3c/wcag/pull/2609/files> which adds: (such as remembering a password or solving a puzzle) to both versions?
>  
>  
> 3. Editorial update to accessible-auth exception #2608  <>
>  
> Tobias made a suggestion which several people agreed with (and doesn’t change the meaning), so I’ve updated PR 2608 <https://github.com/w3c/wcag/pull/2608/files> to reflect that.
>  
> Any objections to that update?
>  
>  
> New issue 2
>  
> I don’t think there’s a separate issue for it, but in a couple of places people have raised that: identifying content the user has provided to the website could include passwords. 
>  
> To resolve this, I’m proposing we use “non-text content” in the exception, and remove ‘text’ from the note. This is implemented in PR 2624 <https://github.com/w3c/wcag/pull/2624/files>. 
>  
> Any objections?
>  
>  
> Then a more substantial re-structure:
>  
> New issue 1
>  
> In the thread of Issue 2592 <https://github.com/w3c/wcag/issues/2592> EricE proposed to re-structure the SC text so it uses bullet-points for the exceptions AND the alternative  & mechanism aspects. 
>  
> To keep it aligned with the current meaning I suggested it use a structure more like the alt-text SC:
> https://github.com/w3c/wcag/issues/2592#issuecomment-1217758169 <https://github.com/w3c/wcag/issues/2592#issuecomment-1217758169>
>  
> The question at this point is: Do people think that improves the SC and no-one would object?
>  
> If anyone objects, we’ll shut-down that approach now rather than take time on it but I couldn’t see a problem with it.
>  
> Kind regards,
>  
> -Alastair
>  
> -- 
>  
> @alastc / www.nomensa.com <http://www.nomensa.com/>

Received on Monday, 22 August 2022 15:53:13 UTC