Re: Show/hide toggle to reveal masked password

I went looking for a React/Vue component as I've seen some before, but
found this instead
https://incl.ca/show-hide-password-accessibility-and-password-hints-tutorial/

On Mon, Jul 11, 2022 at 8:02 PM John Foliot <john@foliot.ca> wrote:

> Hi Lisa
>
> I'll tack onto  Léonie's comments by noting that at one time there was
> some discussion of creating an ARIA role of password (role="password")
> which a number of us objected to at the time, fearing misuse of the strong
> semantics of that proposed role. It could have made a text input appear to
> be a password field to non-sighted users ONLY (since ARIA overrides native
> semantics) which could have been a serious security issue because of that.
>
> While I can appreciate that there may be instances where users may want to
> see/hear what password they are entering is, overall I think that
> encouraging the use of a password manager (which supports REALLY STRONG
> password strings that you never have to remember yourself) is a far better
> strategy overall - the current ability we see on some sites to expose
> hidden passwords would seem to me to be weakening the point of a password
> field in the first place - but that's just me.
>
> Another $0.02 worth of feedback.
>
> JF
>
> On Mon, Jul 11, 2022 at 11:43 AM Léonie Watson <lwatson@tetralogical.com>
> wrote:
>
>> The masking is done for privacy and security, and as a screen reader user
>> I like that I'm afforded the same protections as everyone else. If you use
>> the standard HTML password field the browser automatically handles this for
>> everyone.
>>
>>
>> You're right that it can sometimes be difficult to enter passwords that
>> are masked, especially if you do not use a password manager, which is why
>> giving people the option to show their passwords is a good idea.
>>
>>
>> But I would strongly caution against making passwords visible by default
>> because it removes those protections and takes the choice away from
>> consumers.
>>
>>
>> Léonie.
>>
>>
>>
>> On 11/07/2022 15:59, Lisa Spirko wrote:
>>
>> Hello all,
>>
>>
>>
>> I have been unable to find information about this on the W3C/WAI site:
>> Password masking (e.g., with asterisks or bullets) and the show/hide toggle
>> that I believe should be used to show the actual password.
>>
>>
>>
>> Most password fields use masking characters, and without this toggle,
>> screen readers read the masking characters (“star star star star…”), not
>> the actual characters being typed. This seems to me to be a significant,
>> severe accessibility issue because screen reader users are unable to
>> confirm that the password they’re entering is correct. Essentially, this
>> issue renders the entire system inaccessible because the screen reader user
>> cannot even access it. I hope you’ll consider adding information about this
>> to the site and guidelines.
>>
>>
>>
>> The W3C/WAI pages I have found so far on passwords do not mention this at
>> all, but I’m looking for information to pass along to a development team.
>> Any guidance on this is welcome.
>>
>>
>>
>> Thanks,
>>
>> Lisa
>> ------------------------------
>>
>> The information contained in this e-mail may be privileged and
>> confidential under applicable law. It is intended solely for the use of the
>> person or firm named above. If the reader of this e-mail is not the
>> intended recipient, please notify us immediately by returning the e-mail to
>> the originating e-mail address. Availity, LLC is not responsible for errors
>> or omissions in this e-mail message. Any personal comments made in this
>> e-mail do not reflect the views of Availity, LLC..
>>
>> --
>> Director @TetraLogicalhttps://tetralogical.com
>>
>>
>
> --
> *John Foliot* |
> Senior Industry Specialist, Digital Accessibility |
> W3C Accessibility Standards Contributor |
>
> "I made this so long because I did not have time to make it shorter." -
> Pascal "links go places, buttons do things"
>