E-mail List Archives

Re: Password Rules - Impact on Users with Cognitive Disabilities

for

From: Clark, Michelle - NRCS, Washington, DC
Date: Oct 29, 2014 8:47AM


It's difficult if one is blind as well as one does not know if there has been an error in typing.

Michelle


-----Original Message-----
From: <EMAIL REMOVED> [mailto: <EMAIL REMOVED> ] On Behalf Of Greg Gamble
Sent: Wednesday, October 29, 2014 10:44 AM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Password Rules - Impact on Users with Cognitive Disabilities

" Nielsen has suggested that the hiding of passwords is a UX anti-pattern and so you may possible want to consider not using the type="password", if that's an option. Typing on a keyboard while keeping a bunch of rules straight in your head and then not being able to see what you've typed is really hard, even without cognative disability."

I totally agree that the "password" type should not be used ... it's so ingrained in how we deal with passwords, that the mention of showing a clear text password is almost sacrilegious.

Greg

-----Original Message-----
From: <EMAIL REMOVED> [mailto: <EMAIL REMOVED> ] On Behalf Of Mallory van Achterberg
Sent: Tuesday, October 28, 2014 2:23 AM
To: <EMAIL REMOVED>
Subject: Re: [WebAIM] Password Rules - Impact on Users with Cognitive Disabilities

On Mon, Oct 27, 2014 at 08:54:10PM +0000, <EMAIL REMOVED> wrote:
> Password Must be 8 - 20 characters. Must include at least one lower-case letter and one number. No symbols may be used. Cannot be one of six previous passwords.
>
Might be. In general, people understand examples better than text descriptions, so along with your text description, an example password (with each point maybe drawn with an arrow to it) would help more people.

Nielsen has suggested that the hiding of passwords is a UX anti-pattern and so you may possible want to consider not using the type="password", if that's an option. Typing on a keyboard while keeping a bunch of rules straight in your head and then not being able to see what you've typed is really hard, even without cognative disability.

Also, adding a dynamic Javasctipt hint near the input may also help.
For example, listening for the oninput event, check the string and see if it's missing one of the demands, like a special character or something uppercase, and suggest it. I've never done this, but I like the idea, similar to the dynamic password-strength "meters" some forms use, except more specific.

_mallory
This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.