Commit cff83ec

alastc and dan-hw committed
Transferring from dan-hw:F109
Co-Authored-By: dan-hw <115254950+dan-hw@users.noreply.github.com>
1 parent b94931a commit cff83ec

1 file changed: +33 -0 lines changed

techniques/failures/F109.html

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
<!DOCTYPE html><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
2+
3+
<head><title>Failure of Success Criterion 3.3.8 and 3.3.9 due to forcing transcription of individual password characters</title>
4+
5+
<link rel="stylesheet" type="text/css" href="../../css/sources.css" class="remove"></head><body><h1>Failure of Success Criterion 3.3.8 and 3.3.9 due to forcing transcription of individual passphrase characters</h1><section class="meta"><p class="id">ID: F109</p><p class="technology">Technology: failures</p><p class="type">Type: Failure</p></section><section id="applicability"><h2>When to Use</h2>
6+
<p>All technologies that require authentication.</p>
7+
</section><section id="description"><h2>Description</h2>
8+
<p>Requiring users to authenticate by entering a password or passcode in a different format from which it was originally created is a failure to meet Success Criteria 3.3.8 and 3.3.9 (unless alternative authenticaton methods are available). If a user is required to enter individual password characters across multiple fields, in a way that prevents pasting the password in a single action, it prevents use of a password manager or pasting from local copy of the password or passcode. This means users cannot avoid transcription, resulting in a <a href="../../understanding/22/accessible-authentication.html#dfn-cognitive-function-test">cognitive function test</a>. This applies irrespective of whether users are required to enter all characters in the string, or just a subset.</p>
9+
10+
11+
</section><section id="examples"><h2>Examples</h2>
12+
<p>These examples would prevent a user from entering a password in the same format in which the password was originally created:</p>
13+
<ul>
14+
<li>A fieldset that prompts a user to "Enter the 2nd, 6th and last characters of your password", with separate input fields for each character.</li>
15+
<li>A fieldset that prompts a user to enter each digit of a passcode in a separate input (unless the user can paste the entire passcode in the first input, and the remaining inputs are populated automatically).</li>
16+
<li>A password input fieldset composed of <code class="el">&lt;select&gt;</code> elements that requires a user to select each character of a fixed-length password from individual dropdown fields.</li>
17+
</ul>
18+
</section>
19+
20+
<section id="tests"><h2>Tests</h2>
21+
<section class="procedure"><h3>Procedure</h3>
22+
<ol>
23+
<li>Check if the structure of the input field(s) prevents the user from pasting or auto-filling the entire password or passcode in the format in which it was originally created.</li>
24+
<li>Confirm that no other acceptable authentication methods are present that satisfy Success Criteria 3.3.8 or 3.3.9 (such as an authentication method that does not rely on a cognitive function test).</li>
25+
</ol>
26+
</section>
27+
<section class="results"><h3>Expected Results</h3>
28+
<ul>
29+
<li>If steps #1 and #2 are true, then this failure condition applies and content fails the Success Criterion.</li>
30+
</ul>
31+
</section>
32+
</section><section id="related"><h2>Related Techniques</h2></section>
33+
<section id="resources"><h2>Resources</h2></section></body></html>
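
Review bot: The `<title>` and the `<h1>` disagree on the subject of the failure: the title ends "individual password characters" while the heading ends "individual passphrase characters", and the body then uses "password or passcode" throughout. Pick one term and use it in both places so the failure is indexed and cited under a single name. In the Description, "authenticaton" is misspelled, "pasting from local copy" is missing "a", and "in a different format from which it was originally created" would read more clearly as "in a format different from the one in which it was originally created". In the Tests section, step 2 says "Success Criteria 3.3.8 or 3.3.9" and Expected Results says "fails the Success Criterion" in the singular, whereas the title and Description name both 3.3.8 and 3.3.9; state which criterion each step is evaluated against so a tester knows whether an alternative that satisfies only one of them clears the failure. The empty "Related Techniques" and "Resources" sections could either be populated or left out until there is content for them.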
