Re: Show/hide toggle to reveal masked password from Marc Haunschild on 2022-07-12 (w3c-wai-ig@w3.org from July to September 2022)

From: Marc Haunschild <haunschild@mhis.onmicrosoft.de>
Date: Tue, 12 Jul 2022 12:30:15 +0000
To: Janina Sajka <janina@rednote.net>
CC: "w3c-wai-ig@w3.org" <w3c-wai-ig@w3.org>
Message-ID: <44D977C0-143A-4F99-A211-3EE3A833D598@mhis.onmicrosoft.de>

Thanks for your input.

I made an assumption, that is not valid, I guess:

The most common design pattern is, that the button, that reveals the password, is put after the input. I just took that as given.

But that should fail Success Criterion 1.3.2 Meaningful Sequence and/ or Success Criterion 2.4.3 Focus Order anyway.

So if the form is made correctly (meets all SCs), it’s likely that screen reader users also notice an accidentally revealed password.

Thanks for pointing this out!


> Am 12.07.2022 um 12:53 schrieb Janina Sajka <janina@rednote.net>:
> 
> Oh dear, can you perhaps explain why an individual who happens to be
> blind is more likely to do what you suggest than any other user?
> 
> Marc Haunschild writes:
>> Much more important (in my opinion): can the password be revealed by accident in a way, that blind people do not realize, so that sighted people in the surrounding can see the password?
>> 
>> There should be always a warning, when showing the password.
>> 
>> --
>> 
>> Mit freundlichen Grüßen
>> 
>> 
>> Marc Haunschild
>> Accessibility Consulting
>> 
>> https://Accessibility.Consulting

>> Prüfstelle im BIK-BITV-Prüfverbund
>> 
>> Sonnenhof 32
>> 53119 Bonn
>> Telefon: 0170 8 64 00 63
>> Email: Marc.Haunschild@Accessibility.Consulting
>> 
>>> Am 11.07.2022 um 22:15 schrieb Patrick H. Lauke <redux@splintered.co.uk>:
>>> 
>>> On 11/07/2022 15:59, Lisa Spirko wrote:
>>> [...]
>>>> Most password fields use masking characters, and without this toggle, screen readers read the masking characters (“star star star star…”), not the actual characters being typed. This seems to me to be a significant, severe accessibility issue because screen reader users are unable to confirm that the password they’re entering is correct.
>>> 
>>> Noting that the experience is no different for a sighted/non-screen-reader user here too.
>>> 
>>>> Essentially, this issue renders the entire system inaccessible because the screen reader user cannot even access it.
>>> 
>>> And yet, screen reader users have been managing the same way that non-screen reader users have with these. Yes, having a show/hide toggle can be useful for all users, but not having one is not a showstopper for SR or non-SR users either.
>>> 
>>> SC 3.3.7 Accessible Authentication in the upcoming WCAG 2.2 aims to partially address this by, at the very least, making sure that those password fields can be filled/work with password managers, or at least allow pasting. https://www.w3.org/TR/WCAG22/#accessible-authentication

>>> 
>>> P
>>> -- 
>>> Patrick H. Lauke
>>> 
>>> https://www.splintered.co.uk/ | https://github.com/patrickhlauke

>>> https://flickr.com/photos/redux/ | https://www.deviantart.com/redux

>>> twitter: @patrick_h_lauke | skype: patrick_h_lauke
>>> 
>> 
> 
> -- 
> 
> Janina Sajka (she/her/hers)
> https://linkedin.com/in/jsajka

> 
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Co-Chair, Accessible Platform Architectures http://www.w3.org/wai/apa

> 
>

Received on Tuesday, 12 July 2022 12:30:31 UTC