W3C

Site Navigation

Nearby

Results of Questionnaire WCAG2ICT-SC 3.3.8 Accessible Authentication (Minimum) draft review

The results of this questionnaire are available to anybody. In addition, answers are sent to the following email address: maryjom@us.ibm.com

This questionnaire was open from 2023-11-09 to 2023-11-15.

7 answers have been received.

Jump to results for question:

  1. Review of proposed content for 3.3.8 Accessible Authentication (Minimum)
  2. 3.3.8 Accessible Authentication (Minimum) relevance to SC problematic for Closed Functionality
  3. Add new WCAG 2.2 term "cognitive function test"

1. Review of proposed content for 3.3.8 Accessible Authentication (Minimum)

Review the draft proposal for Applying SC 3.3.8 Accessible Authentication (Minimum) to Non-Web Documents and Software. Indicate whether this proposal is ready to incorporate into the editor's draft and note any desired changes.

Summary

ChoiceAll responders
Results
The proposed content is ready to incorporate into the editor's draft, as-is.
The proposed content is ready to incorporate into the editor's draft, with the following changes. 7
The proposal isn't ready yet.

Details

Responder Review of proposed content for 3.3.8 Accessible Authentication (Minimum)Comments
Mitchell Evan The proposed content is ready to incorporate into the editor's draft, with the following changes. (1) It needs word substitution, replacing "Web site" with "non-web document or software". (2) An added Note currently says: "Device passwords, used to unlock a device, are out of scope for this requirement as these are not up to the author." I would remove this Note, because the intent is similarly conveyed in the WebAuthn example in WCAG 2.2 Understanding. If not removed, then we should rephrase the note to allow for the case where the OS itself is the non-web software being evaluated.
Phil Day The proposed content is ready to incorporate into the editor's draft, with the following changes. Modify the reference to web site
Mike Pluke The proposed content is ready to incorporate into the editor's draft, with the following changes. Fine apart from the need to change Web site to "non-web document or software"
Sam Ogami The proposed content is ready to incorporate into the editor's draft, with the following changes. Good with Mitchell changes.
Olivia Hogan-Stark The proposed content is ready to incorporate into the editor's draft, with the following changes. +1 to Mitchell's changes
Bruce Bailey The proposed content is ready to incorporate into the editor's draft, with the following changes. Does anyone know of password managers that work with, for example, an MS Word Document that is password protected? If not, seems like we should include a note to the effect that conventional off-line documents with embedded password protection do not typically satisfy this criterion.
Loïc Martínez Normand The proposed content is ready to incorporate into the editor's draft, with the following changes. +1 to Mitchell's changes

2. 3.3.8 Accessible Authentication (Minimum) relevance to SC problematic for Closed Functionality

Is a bullet needed in the SC Problematic for Closed Functionality section for 3.3.8 Accessible Authentication (Minimum)? If so, please suggest the text.

Summary

ChoiceAll responders
Results
No bullet needed. Applies, as written, to closed functionality software. 2
Bullet needed in the SC problematic for closed functionality section. Explain. 5

Details

Responder 3.3.8 Accessible Authentication (Minimum) relevance to SC problematic for Closed FunctionalityComments
Mitchell Evan No bullet needed. Applies, as written, to closed functionality software. (1) The language of the criterion applies equally to non-web ICT with or without closed functionality. (2) The criterion links to four definitions, which are also okay as-is... "Cognitive function test": Whatever we decide for non-web ICT in general will also be fine for closed functionality. "Process": A note mentions web, but only as one illustrative example. "Mechanism": A note mentions the content itself as a way to provide a mechanism, in addition to user agents. "Non-text content": WCAG 2.2 Understanding makes the intention clear. (3) I see Phil's point about ATMs today requiring PIN, but I'd rather not concede to the status quo at the expense of users while also contradicting WCAG. Could this be a matter for policy and legislation to sort out the conflict, rather than us in the Task Force? Or, if we do need to address this under Closed Functionality, then ATMs would be just one example. The underlying problem can be described as ICT preventing users from transferring text from personal devices (as described in WCAG 2.2 Understanding).
Phil Day Bullet needed in the SC problematic for closed functionality section. Explain. Some closed systems such as ATMs and payment devices require use of a personal identification number (PIN). This is an essential security feature that is mandatory in many territories, with other alternatives (such as biometrics) not being allowed by the security rules.
Mike Pluke Bullet needed in the SC problematic for closed functionality section. Explain. This exact topic came up as a concern in a call today related to updating EN 301 549. The concern is that our accessibility standard should not be telling people to do something that might actually be illegal in some countries.

We do not want to create the impression that because of these legal issues, failing to meet the SC is OK, it is still not accessible. I think that Phil's note nicely highlights that there may be an issue, without giving any impression that this means not meeting the SC is OK.
Sam Ogami Bullet needed in the SC problematic for closed functionality section. Explain. +1 to Phils note. Add that the SC is exempt or not applicable in situations like Phils example.
Olivia Hogan-Stark Bullet needed in the SC problematic for closed functionality section. Explain. +1 to other's concerns and building on Phil's note
Bruce Bailey Bullet needed in the SC problematic for closed functionality section. Explain. I do not agree that a 4-6 digit PIN associated with bank card or the like is actually a cognitive function test. The user is not obligated to change them for years, and they are digits (not alphanumeric + symbols). Plus, if the user choses to do so, they can write the number on the card itself. If anyone has evidence that bankcards are a barrier for people with limited cognition, please share! In my experience, it is a requirement (for example) to change a PIN every 90 days that causes a PIN to be a cognitive function test. The banking industry very much seem to have this sorted out.
Loïc Martínez Normand No bullet needed. Applies, as written, to closed functionality software. After reading Mitch's and Phil's comment, I believe that this is a success criterion that is no different for systems with closed functionality.

If current technology (e.g. ATM) does not meet the SC, it is not for WCAG2ICT to declare this an "acceptable exception". It should be legislation doing this work, shouldn't it?

3. Add new WCAG 2.2 term "cognitive function test"

Here is a link to the new term "cognitive function test" in WCAG 2.2. Do you agree that "cognitive function test" should be added to the section Glossary Items that Apply to All Technologies?

Summary

ChoiceAll responders
Results
Yes, add to Glossary Items that Apply to All Technologies 2
No, because additional guidance or term replacements should be given. Explain. 5

Details

Responder Add new WCAG 2.2 term "cognitive function test"Comments
Mitchell Evan No, because additional guidance or term replacements should be given. Explain. I would apply word substitution to this sentence: "The common identifiers name, e-mail, and phone number are not considered cognitive function tests as they are personal to the user and consistent across Web sites." In this case I would change "Web sites" to "Web sites and non-web ICT". That said, I would defer to the Task Force for a different substitution or no substitution in this case.
Phil Day Yes, add to Glossary Items that Apply to All Technologies Again, modify the reference to web site
Mike Pluke No, because additional guidance or term replacements should be given. Explain. For this case I think that Mitch's unique substitution is the most appropriate.
Sam Ogami No, because additional guidance or term replacements should be given. Explain. Good with Mitchell changes.
Olivia Hogan-Stark No, because additional guidance or term replacements should be given. Explain. +1 to Mitchell's changes
Bruce Bailey Yes, add to Glossary Items that Apply to All Technologies +1 to Mitch's edits.
Loïc Martínez Normand No, because additional guidance or term replacements should be given. Explain. +1 to Mitch's edits.

More details on responses

  • Mitchell Evan: last responded on 14, November 2023 at 21:22 (UTC)
  • Phil Day: last responded on 15, November 2023 at 13:28 (UTC)
  • Mike Pluke: last responded on 15, November 2023 at 18:36 (UTC)
  • Sam Ogami: last responded on 15, November 2023 at 20:29 (UTC)
  • Olivia Hogan-Stark: last responded on 15, November 2023 at 21:55 (UTC)
  • Bruce Bailey: last responded on 15, November 2023 at 22:35 (UTC)
  • Loïc Martínez Normand: last responded on 15, November 2023 at 23:25 (UTC)

Non-responders

The following persons have not answered the questionnaire:

  1. Gregg Vanderheiden
  2. Shadi Abou-Zahra
  3. Mary Jo Mueller
  4. Chris Loiselle
  5. Charles Adams
  6. Daniel Montalvo
  7. Fernanda Bonnin
  8. Shawn Thompson
  9. Laura Miller
  10. Anastasia Lanz
  11. Devanshu Chandra
  12. Bryan Trogdon
  13. Thorsten Katzmann
  14. Tony Holland
  15. Kent Boucher

Send an email to all the non-responders.

Compact view of the results / list of email addresses of the responders

WBS home / Questionnaires / WG questionnaires / Answer this questionnaire

Report issues on GitHub project w3c/wbs-design or by mail to sysreq.