Re: Show/hide toggle to reveal masked password

The masking is done for privacy and security, and as a screen reader 
user I like that I'm afforded the same protections as everyone else. If 
you use the standard HTML password field the browser automatically 
handles this for everyone.


You're right that it can sometimes be difficult to enter passwords that 
are masked, especially if you do not use a password manager, which is 
why giving people the option to show their passwords is a good idea.


But I would strongly caution against making passwords visible by default 
because it removes those protections and takes the choice away from 
consumers.


Léonie.



On 11/07/2022 15:59, Lisa Spirko wrote:
>
> Hello all,
>
> I have been unable to find information about this on the W3C/WAI site: 
> Password masking (e.g., with asterisks or bullets) and the show/hide 
> toggle that I believe should be used to show the actual password.
>
> Most password fields use masking characters, and without this toggle, 
> screen readers read the masking characters (“star star star star…”), 
> not the actual characters being typed. This seems to me to be a 
> significant, severe accessibility issue because screen reader users 
> are unable to confirm that the password they’re entering is correct. 
> Essentially, this issue renders the entire system inaccessible because 
> the screen reader user cannot even access it. I hope you’ll consider 
> adding information about this to the site and guidelines.
>
> The W3C/WAI pages I have found so far on passwords do not mention this 
> at all, but I’m looking for information to pass along to a development 
> team. Any guidance on this is welcome.
>
> Thanks,
>
> Lisa
>
> ------------------------------------------------------------------------
>
> The information contained in this e-mail may be privileged and 
> confidential under applicable law. It is intended solely for the use 
> of the person or firm named above. If the reader of this e-mail is not 
> the intended recipient, please notify us immediately by returning the 
> e-mail to the originating e-mail address. Availity, LLC is not 
> responsible for errors or omissions in this e-mail message. Any 
> personal comments made in this e-mail do not reflect the views of 
> Availity, LLC.. 

-- 
Director @TetraLogical
https://tetralogical.com

Received on Monday, 11 July 2022 15:50:52 UTC