WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: Prefilled password fields and screen readers

for

From: Moore,Michael
Date: Sep 23, 2009 7:15AM


For all versions of JAWS that I am familiar with, 6.0 and up, this is the expected behavior when you tab into the field. You can determine how many characters have been entered by navigating through the field by character. (left or right arrow keys) JAWS says "star" for each character in the field. I have been told that early versions of JAWS would read the password in the clear, defeating the purpose of a "secret" password. Oddly enough, I have seen this open reading of the user's password in some windows applications including a "secure" flash drive that I tested recently. This is likely due to an error in how the password field was coded in the application.

Mike Moore

-----Original Message-----
From: <EMAIL REMOVED> [mailto: <EMAIL REMOVED> ] On Behalf Of Sofia Celic-Li
Sent: Tuesday, September 22, 2009 7:42 PM
To: WebAIM Discussion List
Subject: [WebAIM] Prefilled password fields and screen readers

Hi everyone,

While doing some testing today I noted a JAWS behavior that didn't seem
quite right and I'm wondering if anyone else has noted this with JAWS or
other screen readers.

The form was a simple login form with a user name edit field and a password
edit field. Both fields were pre-filled, with the password field showing
dots instead of text to protect the password. JAWS announced the value in
the user name field but did not indicate the presence of anything inside the
password field. While I am aware that it should not announce the password
itself it seemed incorrect for the screen reader not to announce the
presence of a value even if it was to simply announce "star star star star".
A screen reader user would unnecessarily type in the password.

I also tried this with Firefox's password recall feature on a website since
it will pre-fill the password and the result was the same.

This is the first time I've tested a form with a pre-filled password field
and could not find anything on this topic online. Is this the usual
behavior?

Thanks,
Sofia