WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: [EXTERNAL] How fast do puff and sip device users type?

for

From: Birkir R. Gunnarsson
Date: Jul 3, 2019 12:23PM

Good input
I mentioned zip and puff devices specifically because I consider them
the slowest method of input, which is at best an educated guess.
I did a test using the slowest method availbale to me personally,
using a touchscreen keyboard to type a 12 character password that
required all 3 keyboards (characters, numbers and symbols) and barely
cracked the 90 seconds(I am a pretty awful touch typer).

I am going to recommend 90 seconds as a starting point.
We've discussed the checkbox solution but our security people still
want automated masking after a certain period of inactivity,because
they are security people and must be appeased.

And the solution is server side so we can't listen for oninput events
(which I would've prefered). ;)
I think I can't get away with much more than 90 seconds, but I hope
that will cover most usres in most situations.
Worst case scenario, the user can choose to re-display the password,
at least that's my understanding (this is still just a prototype and
has not been fed thorugh the grinder of other business and technical
restrictions).

Thanks
-Birkir


On 7/3/19, John Foliot < <EMAIL REMOVED> > wrote:
> Hi Birkir,
>
> You initially posed this question in relationship to content input via sip
> and puff. While I am unaware of any specific studies around minimal times
> needed, the problem statement impacts more than just that specific
> user-group or specific input type (i.e. a user with a mouth-stick will
> likely need a similar amount of time to react).
>
> Some questions: does the masking impact the whole text string, or just the
> most recent character inputted? In a perfect world, I'd envision a masking
> where the last letter/character typed is visible, and as soon as you input
> a second (or next) character, than the previous character is auto-magically
> masked. However, you also noted that this is a server-side function that is
> not detecting key-strokes, so...)
>
> As for "how long"? I'd (personally, and with no hard metric to base this
> on) likely suggest roughly 2 seconds per character, so an 8 character
> string would be roughly 15 or 16 seconds. You noted as well that they can
> "unmask" the password (during, or only after?), and if possible I'd also
> provide a check-box function that automatically turns off or "shows" the
> password in plain text for the duration - I've seen this more than once in
> the wild. That's a user choice setting that can (would) default to the
> traditional hidden password string, but still gives the end user the final
> decision.
>
> My $0.05 Cdn.
>
> JF
>
> On Wed, Jul 3, 2019 at 12:17 PM Birkir R. Gunnarsson <
> <EMAIL REMOVED> > wrote:
>
>> Lol, not when there are other considerations, such as security, and
>> ths is an online banking platform, our security folks would get me
>> trownin jail if I proposed that.
>>
>>
>>
>> On 7/3/19, Mark Magennis < <EMAIL REMOVED> > wrote:
>> > The exception period under SC2.2.1 is 20 hours 😊
>> >
>> > Mark Magennis
>> > Skillsoft | mobile: +353 87 60 60 162
>> > Accessibility Specialist
>> >
>> >
>> >