E-mail List Archives

Re: Password Rules - Impact on Users with Cognitive Disabilities

for

From: Jonathan Avila
Date: Oct 29, 2014 9:26AM


> The best that gives me is how many characters I've typed actually made it to the screen, nothing more. (I'm not blind.)

I've even seen some password fields that obfuscate the number of characters entered by seemingly multiplying/randomizing the number of stars in the field so you might not even be able to tell how many characters were entered.

Jon

-----Original Message-----
From: <EMAIL REMOVED> [mailto: <EMAIL REMOVED> ] On Behalf Of Mallory van Achterberg
Sent: Wednesday, October 29, 2014 10:18 AM
To: WebAIM Discussion List
Subject: Re: [WebAIM] Password Rules - Impact on Users with Cognitive Disabilities

On Wed, Oct 29, 2014 at 01:44:42PM +0000, Patrick H. Lauke wrote:
> On 29/10/2014 12:31, Birkir R. Gunnarsson wrote:
> >I think password hiding is important, so passwords should be hidden by default.
>
> Actually, not quite sure if that's true (anymore).
>
> See for instance Luke Wroblesky's thoughts on this back in 2012
> http://www.lukew.com/ff/entry.asp?1653 - and since then, a lot of
> sites/apps seem to have gone that way too (showing by default, with
> option to hide if needed).

I also hate hearing "star star star star" when testing new services.
The best that gives me is how many characters I've typed actually made it to the screen, nothing more. (I'm not blind.)

Although, I had forgotten about the options to show, as seen on my network-manager's network popup, or I believe one of the Internet Explorers actually adds an icon (which doesn't seem focusable but it can be clicked with a mouse) of an eye that I think does similar.

I'd be okay with input type="password" if it added a separate control to hide/show, but I generally hate the default setup of things. More often than not, I misstyped one of the two (I don't copy and paste between two password fields because of this fear), and hope I don't make the same misstype twice. Meanwhile, I'm more likely to have a keylogger or wifi sniffer at my machine than someone is able to see my screen.
The threats have shifted.

_mallory