WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: [EXTERNAL] How fast do puff and sip device users type?

for

From: Birkir R. Gunnarsson
Date: Jul 3, 2019 12:23PM

Good input
I mentioned zip and puff devices specifically because I consider them
the slowest method of input, which is at best an educated guess.
I did a test using the slowest method availbale to me personally,
using a touchscreen keyboard to type a 12 character password that
required all 3 keyboards (characters, numbers and symbols) and barely
cracked the 90 seconds(I am a pretty awful touch typer).

I am going to recommend 90 seconds as a starting point.
We've discussed the checkbox solution but our security people still
want automated masking after a certain period of inactivity,because
they are security people and must be appeased.

And the solution is server side so we can't listen for oninput events
(which I would've prefered). ;)
I think I can't get away with much more than 90 seconds, but I hope
that will cover most usres in most situations.
Worst case scenario, the user can choose to re-display the password,
at least that's my understanding (this is still just a prototype and
has not been fed thorugh the grinder of other business and technical
restrictions).

Thanks
-Birkir


On 7/3/19, John Foliot < <EMAIL REMOVED> > wrote:
> Hi Birkir,
>
> You initially posed this question in relationship to content input via sip
> and puff. While I am unaware of any specific studies around minimal times
> needed, the problem statement impacts more than just that specific
> user-group or specific input type (i.e. a user with a mouth-stick will
> likely need a similar amount of time to react).
>
> Some questions: does the masking impact the whole text string, or just the
> most recent character inputted? In a perfect world, I'd envision a masking
> where the last letter/character typed is visible, and as soon as you input
> a second (or next) character, than the previous character is auto-magically
> masked. However, you also noted that this is a server-side function that is
> not detecting key-strokes, so...)
>
> As for "how long"? I'd (personally, and with no hard metric to base this
> on) likely suggest roughly 2 seconds per character, so an 8 character
> string would be roughly 15 or 16 seconds. You noted as well that they can
> "unmask" the password (during, or only after?), and if possible I'd also
> provide a check-box function that automatically turns off or "shows" the
> password in plain text for the duration - I've seen this more than once in
> the wild. That's a user choice setting that can (would) default to the
> traditional hidden password string, but still gives the end user the final
> decision.
>
> My $0.05 Cdn.
>
> JF
>
> On Wed, Jul 3, 2019 at 12:17 PM Birkir R. Gunnarsson <
> <EMAIL REMOVED> > wrote:
>
>> Lol, not when there are other considerations, such as security, and
>> ths is an online banking platform, our security folks would get me
>> trownin jail if I proposed that.
>>
>>
>>
>> On 7/3/19, Mark Magennis < <EMAIL REMOVED> > wrote:
>> > The exception period under SC2.2.1 is 20 hours 😊
>> >
>> > Mark Magennis
>> > Skillsoft | mobile: +353 87 60 60 162
>> > Accessibility Specialist
>> >
>> >
>> > -----Original Message-----
>> > From: WebAIM-Forum < <EMAIL REMOVED> > On Behalf Of
>> > Birkir R. Gunnarsson
>> > Sent: 03 July 2019 15:51
>> > To: WebAIM Discussion List < <EMAIL REMOVED> >
>> > Subject: [EXTERNAL] [WebAIM] How fast do puff and sip device users type?
>> >
>> > We hav a functionality that lets users see the password they are
>> > typing.
>> > For security reasons we automatically mask the password again after a
>> > period of inactivity (the masking is done from the server side so we
>> > cannotdetect individual keystrokes).
>> > The question is, how long should we give a user to type the password
>> > before we auto mask it again (password has to be at least 8 characters
>> > long and must have at least one uppercase, one lower case and one
>> > non-alphanumeric character).
>> >
>> > Finally, users can request to re display the password if masking is
>> > activated.
>> >
>> > This is definitely a luxury problem compared to most accessibility
>> > inquiries, but it's always fun to get questions that you don't
>> > necessarily hav ready answers for.
>> >
>> > Cheers
>> > -B
>> >
>> >
>> > --
>> > Work hard. Have fun. Make history.
>> > >> > >> > >> > >> > >> > >> > >> > >> >
>>
>>
>> --
>> Work hard. Have fun. Make history.
>> >> >> >> >>
>
>
> --
> *​John Foliot* | Principal Accessibility Strategist | W3C AC Representative
> Deque Systems - Accessibility for Good
> deque.com
> > > > >


--
Work hard. Have fun. Make history.