WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: [EXTERNAL] How fast do puff and sip device users type?

for

From: Jonathan Avila
Date: Jul 9, 2019 7:53PM

On a related note - If a masked field like SSN could not be unmasked by the user could that be a failure of WCAG SC 3.3.4 error prevention if there was no confirmation of identity? With password you can re-enter which i assume would pass.

Jonathan

Sent from my iPhone

> On Jul 3, 2019, at 1:42 PM, John Foliot < <EMAIL REMOVED> > wrote:
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>
> Hi Birkir,
>
> You initially posed this question in relationship to content input via sip
> and puff. While I am unaware of any specific studies around minimal times
> needed, the problem statement impacts more than just that specific
> user-group or specific input type (i.e. a user with a mouth-stick will
> likely need a similar amount of time to react).
>
> Some questions: does the masking impact the whole text string, or just the
> most recent character inputted? In a perfect world, I'd envision a masking
> where the last letter/character typed is visible, and as soon as you input
> a second (or next) character, than the previous character is auto-magically
> masked. However, you also noted that this is a server-side function that is
> not detecting key-strokes, so...)
>
> As for "how long"? I'd (personally, and with no hard metric to base this
> on) likely suggest roughly 2 seconds per character, so an 8 character
> string would be roughly 15 or 16 seconds. You noted as well that they can
> "unmask" the password (during, or only after?), and if possible I'd also
> provide a check-box function that automatically turns off or "shows" the
> password in plain text for the duration - I've seen this more than once in
> the wild. That's a user choice setting that can (would) default to the
> traditional hidden password string, but still gives the end user the final
> decision.
>
> My $0.05 Cdn.
>
> JF
>
> On Wed, Jul 3, 2019 at 12:17 PM Birkir R. Gunnarsson <
> <EMAIL REMOVED> > wrote:
>
>> Lol, not when there are other considerations, such as security, and
>> ths is an online banking platform, our security folks would get me
>> trownin jail if I proposed that.
>>
>>
>>
>>> On 7/3/19, Mark Magennis < <EMAIL REMOVED> > wrote:
>>> The exception period under SC2.2.1 is 20 hours 😊
>>>
>>> Mark Magennis
>>> Skillsoft | mobile: +353 87 60 60 162
>>> Accessibility Specialist
>>>
>>>
>>> -----Original Message-----
>>> From: WebAIM-Forum < <EMAIL REMOVED> > On Behalf Of
>>> Birkir R. Gunnarsson
>>> Sent: 03 July 2019 15:51
>>> To: WebAIM Discussion List < <EMAIL REMOVED> >
>>> Subject: [EXTERNAL] [WebAIM] How fast do puff and sip device users type?
>>>
>>> We hav a functionality that lets users see the password they are typing.
>>> For security reasons we automatically mask the password again after a
>>> period of inactivity (the masking is done from the server side so we
>>> cannotdetect individual keystrokes).
>>> The question is, how long should we give a user to type the password
>>> before we auto mask it again (password has to be at least 8 characters
>>> long and must have at least one uppercase, one lower case and one
>>> non-alphanumeric character).
>>>
>>> Finally, users can request to re display the password if masking is
>>> activated.
>>>
>>> This is definitely a luxury problem compared to most accessibility
>>> inquiries, but it's always fun to get questions that you don't
>>> necessarily hav ready answers for.
>>>
>>> Cheers
>>> -B
>>>
>>>
>>> --
>>> Work hard. Have fun. Make history.
>>> >>> >>> >>> >>> >>> >>> >>> >>>
>>
>>
>> --
>> Work hard. Have fun. Make history.
>> >> >> >> >>
>
>
> --
> *​John Foliot* | Principal Accessibility Strategist | W3C AC Representative
> Deque Systems - Accessibility for Good
> deque.com
> > > >