RE: [EXTERNAL] Re: Show/hide toggle to reveal masked password

I've also noticed that in some cases, there is a "show password" link/button, but it isn't able to be keyboard-focused, which is baffling. I think Windows does this with bitlocker-protected drives as one not-web example.

-----Original Message-----
From: Lisa Spirko <Lisa.Spirko@availity.com> 
Sent: Monday, July 11, 2022 08:21
To: Janina Sajka <janina@rednote.net>
Cc: w3c-wai-ig@w3.org
Subject: RE: [EXTERNAL] Re: Show/hide toggle to reveal masked password

Hi Janina,

Apologies, I wasn't clear: I'm doing accessibility testing on a redesign and there is no show/hide toggle for the password at all. I'm trying to find information about how to create one to pass along to the development team.

Thanks,
Lisa Spirko
Content Designer/Developer, Client Engagement Services (formerly, Availity Learning)

-----Original Message-----
From: Janina Sajka <janina@rednote.net> 
Sent: Monday, July 11, 2022 11:11 AM
To: Lisa Spirko <Lisa.Spirko@availity.com>
Cc: w3c-wai-ig@w3.org
Subject: [EXTERNAL] Re: Show/hide toggle to reveal masked password

CAUTION: This message was received outside of the Availity Email Systems. Do Not open links or attachments unless you trust the source.

Dear Lisa:

What kind of guidance do you think is needed?

My expectation is that any but the most novice screen reader user soon learns that the "show password" button on most such logins will display the chars the user is typing.

Furthermore, many environments briefly echo the chars the user types before replacing them with masking characters, so there's a second point of validation.

Best,

Janina

Lisa Spirko writes:
> Hello all,
>
> I have been unable to find information about this on the W3C/WAI site: Password masking (e.g., with asterisks or bullets) and the show/hide toggle that I believe should be used to show the actual password.
>
> Most password fields use masking characters, and without this toggle, screen readers read the masking characters ("star star star star..."), not the actual characters being typed. This seems to me to be a significant, severe accessibility issue because screen reader users are unable to confirm that the password they're entering is correct. Essentially, this issue renders the entire system inaccessible because the screen reader user cannot even access it. I hope you'll consider adding information about this to the site and guidelines.
>
> The W3C/WAI pages I have found so far on passwords do not mention this at all, but I'm looking for information to pass along to a development team. Any guidance on this is welcome.
>
> Thanks,
> Lisa
> ________________________________
>
> The information contained in this e-mail may be privileged and confidential under applicable law. It is intended solely for the use of the person or firm named above. If the reader of this e-mail is not the intended recipient, please notify us immediately by returning the e-mail to the originating e-mail address. Availity, LLC is not responsible for errors or omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Availity, LLC..

--

Janina Sajka (she/her/hers)
https://urldefense.com/v3/__https://nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Flinkedin.com*2Fin*2Fjsajka&amp;data=05*7C01*7CLisa.Spirko*40availity.com*7Cf002745d115a4d46d57808da634f9606*7Ce0dd36ed939145d8937a5f7005a5bc68*7C1*7C0*7C637931490712296737*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&amp;sdata=bGeKfS*2B5w5fkEr91x257LlI8SJUmJvNLEPCcsgD2M9Q*3D&amp;reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!C5qS4YX3!BviVuZUSn1FQFX0SxKBzCyfyULPb9_6RJuFWzH_TJB-v1OU05D3QAL6KUCBjDA8U15H-yBlWmqZhOW3ZLF8tui0LMA$ 

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures     https://urldefense.com/v3/__https://nam10.safelinks.protection.outlook.com/?url=http*3A*2F*2Fwww.w3.org*2Fwai*2Fapa&amp;data=05*7C01*7CLisa.Spirko*40availity.com*7Cf002745d115a4d46d57808da634f9606*7Ce0dd36ed939145d8937a5f7005a5bc68*7C1*7C0*7C637931490712452972*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&amp;sdata=nKe*2FW*2FOm*2BMKOZvUgaehq9GzJz8*2F2*2Bs3Y9q6zEMdjA8A*3D&amp;reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSU!!C5qS4YX3!BviVuZUSn1FQFX0SxKBzCyfyULPb9_6RJuFWzH_TJB-v1OU05D3QAL6KUCBjDA8U15H-yBlWmqZhOW3ZLF-SYBqYLg$ 

Received on Monday, 11 July 2022 16:01:04 UTC