I'm worried about how most of the techniques would likely require the user to rely on someone else for two things:
It would be better if there were a set of ATs that a user might get help installing from the AT manufacturer, and then after that, site by site, the AT makes independent access possible. I'm guessing if this existed, the Understanding document would mention it.
Obviously, this is probably not an actionable comment for WCAG 2.2. I don't think there is any harm in this guideline in WCAG 2.2 and it might even inspire development of such an AT.
But, for Silver, it would be nice to emphasize independence and not assume the existence of entirely benevolent consistent assistants.
Hi @SuzanneTaylor,
I appreciate and agree with the comment, but as you say, it isn't very actionable for us at the moment.
There is and always will be some overhead in getting a secure login setup, however, the browsers, password managers and platforms are all working on making it simpler for everyone.
In the sense of William Gibson's "The future is already here - it's just not very evenly distributed", for my most secure logins I load up the page, click 'next' because my password manager has already filled in the username/password, and tap 'approve' on my watch (or phone). That's it for the month unless I use a different device/browser.
These things are gradually being rolloed out more widely, and becoming more common in the consumer sphere. I think (and hope) the main impact of this SC is to make sure large organizations (that are creating their own authentication methods) bear these requirements in mind.
If that makes sense I'll take off the WCAG 2.2 label and leave on the WCAG.next label, which is for reference by Silver/WCAG 3.0.
I think (and hope) the main impact of this SC is to make sure large organizations (that are creating their own authentication methods) bear these requirements in mind.
well, they'll have to, if WCAG makes it illegal not to...
Yes, that makes sense, it would be awesome if this could be an issue for consideration in .next/Silver/3.0
I have logins as you describe as well, except I push a button in a phone app - but they have their own mystery to them, in the sense that you have to remember how they got set up, when which one is needed, the full scope of what they allow access to, and what, for example, leaving your phone with a roommate means, now they you have that set up...
Of course this guideline in no way causes this complexity - but for .next if there could be some example ATs (maybe something like Amaya was for MathML) or even just specs/descriptions for such ATs that worked out some of this hidden complexity, we could feel more assured that independence could be maintained as much as possible in the future.
well, they'll have to, if WCAG makes it illegal not to...
The working group is not developing legislation, we are codifying best practices. As I noted elsewhere, I would argue that it is actually counterproductive for WCAG to get (very much, if at all) in front of the state-of-the-industry. Having A/AA SC that are aspirational is more likely, in my estimation, to hinder adoption of 2.2 than it is to "make it illegal not to" follow WCAG.
The working group is not developing legislation, we are codifying best practices.
sure, but it would be naive of the working group not to aknowledge that in the end, these best practices are taken into account by, or adopted wholesale into, legislation.
Most helpful comment
sure, but it would be naive of the working group not to aknowledge that in the end, these best practices are taken into account by, or adopted wholesale into, legislation.