Clarification on password re-entry in 3.3.7 Redundant Entry #4210
Comments
|
@jamieherrera Not entirely sure I get your point. Requiring entering of a password a second time after 2F authentification would probably be bad design for all, even if you'd have to say, from a formal conformance standpoint, that it falls under "required to ensure the security of the content" ("because that's the way be built it"). |
|
Yes, @detlevhfischer, I agree
That's why I'm asking if that situation is intended to be covered under the password exception. The wording of the SC seems to imply that any scenario with passwords is excepted, but this scenario just seems... redundant. |
|
since someone can always reset their password if they type the wrong one in — I’m not sure I understand the need to type passwords twice. ESPECIALLY when you cannot paste anything into the second field
gregg
… On Feb 13, 2025, at 2:02 PM, Jamie H ***@***.***> wrote:
jamieherrera
left a comment
(w3c/wcag#4210)
Yes, @detlevhfischer, I agree
Requiring entering of a password a second time after 2F authentification would probably be bad design for all
That's why I'm asking if that situation is intended to be covered under the password exception. The wording of the SC seems to imply that any scenario with passwords is excepted, but this scenario just seems... redundant.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
<https://github.com/detlevhfischer> <#4210 (comment)> <https://github.com/notifications/unsubscribe-auth/ACNGDXULGMSQKTKATMF2X6T2PUI7VAVCNFSM6AAAAABWBT4MX6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNJXHAYDEMZQGI>
jamieherrera
left a comment
(w3c/wcag#4210)
<#4210 (comment)>
Yes, @detlevhfischer <https://github.com/detlevhfischer>, I agree
Requiring entering of a password a second time after 2F authentification would probably be bad design for all
That's why I'm asking if that situation is intended to be covered under the password exception. The wording of the SC seems to imply that any scenario with passwords is excepted, but this scenario just seems... redundant.
—
Reply to this email directly, view it on GitHub <#4210 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACNGDXULGMSQKTKATMF2X6T2PUI7VAVCNFSM6AAAAABWBT4MX6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNJXHAYDEMZQGI>.
You are receiving this because you are subscribed to this thread.
|
|
especially after 2-factor authentication is 2 factors, not three |
Hello,
Several issues (now closed) have hashed out various scenarios for essential re-entry, such as when entering something for the first time, like a new password, a SSN, or email address, where the purpose is user error prevention. What about when the purpose is not error prevention?
With regard to the language of being required,
is there any responsibility to demonstrate that the information being repeated is required, and not just a nice to have? Or is that outside of the accessibility discussion?
As in, could the SC fail for an author requiring a user to enter information a second time arbitrarily? Say, a password requirement a second time after going through 2 factor authentication.... just for example sake.
The text was updated successfully, but these errors were encountered: