w3c / matf

Guidance from the Mobile Accessibility Task Force (MATF)
https://w3c.github.io/matf/

Success Criterion 3.3.8 - Accessible Authentication (Minimum) - Level AA #60

Closed JJdeGroot closed 2 weeks ago

JJdeGroot commented 4 months ago

WCAG2ICT guidance: https://www.w3.org/TR/wcag2ict-22/#accessible-authentication-minimum

Share your thoughts for applying to mobile apps as a comment below.

julianmka commented 2 months ago

Based on previous task force conversation, this SC can be applied to native mobile apps and mobile web with minimal or no deviation from WCAG2ICT.

Proposal

In MATF's first draft of guidance, this SC's section will read as:

This applies directly as written, and as described in Intent from Understanding Success Criterion 3.3.8, replacing “the Web site” with “a Web site, screen, or application”.

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

Alternative: Another authentication method that does not rely on a cognitive function test.

Mechanism: A mechanism is available to assist the user in completing the cognitive function test.

Object Recognition: The cognitive function test is to recognize objects.

Personal Content: The cognitive function test is to identify non-text content the user provided to a Web site, screen, or [application].

Note 1: "Object recognition" and "Personal content" may be represented by images, video, or audio.

Note 2: Examples of mechanisms that satisfy this criterion include: support for password entry by password managers to reduce memory need, and copy and paste to reduce the cognitive burden of re-typing.

Note 3: If the non-web software is an application, passwords used to unlock the underlying platform software are out of scope for this requirement as these are not up to a software application’s author.

I took the liberty of removing Note 4 (an exception for powering on devices) and Note 5 (the Closed Functionality note). Note 4 seemed unnecessary since mobile apps and mobile web content may only be accessed on devices that are powered on. MATF consensus seems to be that Closed Functionality is not a consideration for mobile apps and mobile web.

Please indicate your agreement with a thumbs up emoji 👍, or if you disagree, use the thumbs down emoji 👎 and elaborate in comments.

JJdeGroot commented 2 weeks ago

Closing this issue because the draft language has been accepted.