RE: Authentication for young students

Have you considered biometrics or tokens, thereby bypassing the need for memory/recognition? Additionally, passphrases or pass-patterns may be easier to remember.

Authentication can be something you know (ex. password, pass-picture, passphrase); something you are (biometric such as fingerprint, face, palm, etc.); or something you have (a physical or digital “key,” sometimes called a token). There are a number of tokens available on the market, such as ones that have the form factor of a USB stick and are put into a USB slot. Of course, you then have to make sure that the interaction around providing the biometric or token – essentially, the instructions to put your face in X camera area, put your token into the USB slot, etc. – are accessible and understandable to the children. I am speaking from experience researching authentication accessibility and usability, but I am not currently deeply familiar with interpreting current WCAG requirements.

Ronna ten Brink
Lead Human Factors Engineer
L535: User Experience, Visualization, and Decision Support
Pronouns: She, her, hers (what is this?)<https://assets2.hrc.org/files/assets/resources/TalkingAboutPronouns_onesheet_FINAL.pdf?_ga=2.196814764.182729806.1586291688-1827157616.1586291688>
Phone: 571-424-9492
Email: rtenbrink@mitre.org<mailto:rtenbrink@mitre.org>
MITRE: Solving Problems for a Safer World®

From: Madeleine Rothberg <madeleine_rothberg@wgbh.org>
Sent: Wednesday, November 15, 2023 12:30 PM
To: Post WAI list <w3c-wai-ig@w3.org>
Subject: [EXT] Authentication for young students

I’m interested in thoughts on how to provide accessible authentication for young students. A common pattern is to offer children a variety of pictures/icons during account setup and let them choose one. Then that image acts like a password

I’m interested in thoughts on how to provide accessible authentication for young students. A common pattern is to offer children a variety of pictures/icons during account setup and let them choose one. Then that image acts like a password – they choose their name from the class list, and then choose their selected icon from an array of icons. The goal is to reduce the chance of a child logging into someone else’s account, on purpose or by accident. Browser tools to save a password won’t work because students might sit at a different computer every day, and anyway that would defeat the purpose of preventing another student in the class from logging in to the wrong account.

Understanding SC 3.3.8<https://www.w3.org/WAI/WCAG22/Understanding/accessible-authentication-minimum.html> says :

“If the test is based on something the website has set such as remembering or transcribing a word, or recognizing a picture the website provided, that would be a cognitive functional test. Recognizing objects, or a picture the user has provided is a cognitive function test; however, it is excepted at the AA level.”

It isn’t practical in a classroom to have each student “provide” their own image by uploading. The text seems to say that using website-provided pictures is not conformant with the requirement even if the student has picked the one they want to use.

Any thoughts on how this process could be adjusted to meet the requirement? Or do people think it is close enough to fit the exception?

-Madeleine


Madeleine Rothberg

She/her

[GBH]<https://www.wgbh.org/foundation/what-we-do/ncam>

National Center for
Accessible Media (NCAM)

Senior Subject Matter Expert

madeleine_rothberg@wgbh.org<mailto:madeleine_rothberg@wgbh.org>

617-300-2492<tel:617-300-2492> Office

One Guest Street, Boston MA 02135

[mag_twitter]<https://smart.wgbh.org/v2/a/mag_twitter/65550018bad238e3c66eb3cb-zqM8z/httpstwitter.comGBHAccess>

[mag_instagram]<https://smart.wgbh.org/v2/a/mag_instagram/65550018bad238e3c66eb3cb-zqM8z/httpswww.instagram.comaccessgbh>

[mag_facebook]<https://smart.wgbh.org/v2/a/mag_facebook/65550018bad238e3c66eb3cb-zqM8z/httpswww.facebook.comGBHAccess>

[What matters to you.]<https://smart.wgbh.org/v2/a/gbh_whatmatterstoyou_launch/65550018bad238e3c66eb3cb-zqM8z/httpswhatmatterstoyou.gbh.org>


[Image removed by sender. .]

Received on Wednesday, 15 November 2023 22:56:46 UTC