-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Failure Technique F109 for Issue #1918 Accessible Authentication needs better techniques #2990
Closed
Closed
Changes from 17 commits
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
e196333
Create F109.HTML
dan-hw 9edb874
Update and rename F109.HTML to F109.html
dan-hw 30cf7db
Update F109.html
dan-hw e478af8
Update F109.html
dan-hw 27b4634
Update F109.html
dan-hw 40ea878
Update F109.html
dan-hw c49dfe7
Update F109.html
dan-hw 5a1a3b6
Update F109.html
dan-hw 029d3b3
Update accessible-authentication.html
dan-hw 03f191d
adding F109 failure technique
dan-hw 2677c61
Repointing links to SC3.3.8
dan-hw c110201
Removing stray </link> tag
dan-hw 98909c4
Adding missed <p> element
dan-hw 24693d2
Clarifying difference in password format between creation & authentic…
dan-hw e07aa98
Update techniques/failures/F109.html
dan-hw dbb310d
clarifying support for custom paste across multiple fields
dan-hw 1e6f1ba
Update techniques/failures/F109.html
dan-hw d19fb54
Apply suggestions from code review - applicable to both passcodes and…
dan-hw File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| <!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> | ||
|
|
||
| <head><title>Failure of Success Criterion 3.3.8 and 3.3.9 due to forcing transcription of individual password characters</title> | ||
|
|
||
| <link rel="stylesheet" type="text/css" href="../../css/sources.css" class="remove"></head><body><h1>Failure of Success Criterion 3.3.8 and 3.3.9 due to forcing transcription of individual password characters</h1><section class="meta"><p class="id">ID: F109</p><p class="technology">Technology: failures</p><p class="type">Type: Failure</p></section><section id="applicability"><h2>When to Use</h2> | ||
dan-hw marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| <p>All technologies that require authentication.</p> | ||
| </section><section id="description"><h2>Description</h2> | ||
| <p>Requiring users to authenticate by entering a password in a different format from which it was originally created is a failure to meet Success Criteria 3.3.8 and 3.3.9 (unless alternative authenticaton methods are available). If a user is required to enter individual password characters across multiple fields, in a way that prevents pasting the password in a single action, it prevents use of a password manager or pasting from local copy of the password. This means users cannot avoid transcription, resulting in a <a href="../../understanding/22/accessible-authentication.html#dfn-cognitive-function-test">cognitive function test</a>. This applies irrespective of whether users are required to enter all characters in the password, or just a subset.</p> | ||
dan-hw marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
|
|
||
| </section><section id="examples"><h2>Examples</h2> | ||
| <p>These examples would prevent a user from entering a password in the same format in which the password was originally created:</p> | ||
| <ul> | ||
| <li>A fieldset that prompts a user to "Enter the 2nd, 6th and last characters of your password", with separate input fields for each character.</li> | ||
| <li>A fieldset that prompts a user to enter each digit of a passcode in a separate input (unless the user can paste the entire passcode in the first input, and the remaining inputs are populated automatically).</li> | ||
| <li>A password input fieldset composed of <code class="el"><select></code> elements that requires a user to select each character of a fixed-length password from individual dropdown fields.</li> | ||
| </ul> | ||
| </section> | ||
|
|
||
| <section id="tests"><h2>Tests</h2> | ||
| <section class="procedure"><h3>Procedure</h3> | ||
| <ol> | ||
| <li>Check if the structure of the password input field(s) prevents the user from pasting or auto-filling their entire password in the format in which it was originally created.</li> | ||
dan-hw marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| <li>Confirm that no other acceptable authentication methods are present that satisfy Success Criteria 3.3.8 or 3.3.9 (such as an authentication method that does not rely on a cognitive function test).</li> | ||
| </ol> | ||
| </section> | ||
| <section class="results"><h3>Expected Results</h3> | ||
| <ul> | ||
| <li>If steps #1 and #2 are true, then this failure condition applies and content fails the Success Criterion.</li> | ||
| </ul> | ||
| </section> | ||
| </section><section id="related"><h2>Related Techniques</h2></section> | ||
| <section id="resources"><h2>Resources</h2></section></body></html> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this title just saying "Failure of .... due to requiring manual entry of passwords"? Would that be simpler?