WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: Password Rules - Impact on Users with Cognitive Disabilities

for

From: Mallory van Achterberg
Date: Oct 28, 2014 3:22AM

On Mon, Oct 27, 2014 at 08:54:10PM +0000, <EMAIL REMOVED> wrote:
> Password Must be 8 - 20 characters. Must include at least one lower-case letter and one number. No symbols may be used. Cannot be one of six previous passwords.
>
Might be. In general, people understand examples better than text
descriptions, so along with your text description, an example
password (with each point maybe drawn with an arrow to it) would
help more people.

Nielsen has suggested that the hiding of passwords is a UX anti-pattern
and so you may possible want to consider not using the type="password",
if that's an option. Typing on a keyboard while keeping a bunch of
rules straight in your head and then not being able to see what you've
typed is really hard, even without cognative disability.

Also, adding a dynamic Javasctipt hint near the input may also help.
For example, listening for the oninput event, check the string and
see if it's missing one of the demands, like a special character or
something uppercase, and suggest it. I've never done this, but I like
the idea, similar to the dynamic password-strength "meters" some forms
use, except more specific.

_mallory