W3C WCAG 2.2 is on its way with interesting additions!

globe with social media icons.

For those interested in web content accessibility the WCAG 2.2 guidelines will have some newly added Success Criteria (SGs) that will build on WCAG 2.1 when they are published in September 2022. The additions aim to tackle some of the latest barriers found in various web services. It is not easy with multifactor authentication changes, dynamic data driven pages and the different types of web and mobile apps.

Ensuring the maintenance of conformance levels and checking for potential accessibility issues has become harder. If you are someone who spends time evaluating web content and have become reliant on the automated checkers, it is worth being aware of their limitations! Watch out for the automated results that give you a 90 -100% score! Can they reach the parts of multi-factor authentication that we have to use? Are they including visual focus checks to track when keyboard access is hidden? Just two of the many issues that can catch us out.

Web Content Accessibility Guidelines (WCAG) 2.2 W3C Editor’s Draft (25 August 2022) – the full document

The following Success Criteria are new in WCAG 2.2:

Of all the new Success Criteria it is felt that Visual Focus is not always understood but its links with keyboard accessibility have alwys been important. WebAim talk about focus indicators and provide several tips on the subject before linking out to an  ARIA authoring practices document written by the W3C Web Accessibility Initiative (WAI) team that may help developers. WAI also offer advice about mobile accessibilitiy checks.

help keyboar button

Finally the Bureau of Internet Accessibility have provided a blog on 5 Quick Ways to Check Your Site Against New WCAG 2.2 Standards

TPGi also offer the ” new SCs in WCAG 2.2, describing their requirements in plain language, and discussing how to meet them.”

Multifactor Authentication update WCAG 2.2

laptop with login and password

On January 13th, 2022, a W3C Editor’s draft of the Web Content Accessibility Guidelines (WCAG) 2.2 was published on GitHub. Among several updates and new items, it includes processes for making multifactor Authentication more accessible and easier to use. Systems for auto-filling are allowed, as well as copy and paste, so that one does not have always depend on remembering passwords. Email links and text messages are included for those happy with using other applications and devices.

This is welcome help for aspects of multifactor authentication that were described in a previous blog, even though the requirement is not at the hoped for top level. However, it has been set at Level AA, so hopefully this new Success Critera will still be offered by web services later this year. As was mentioned in August 2021, passing the check is based on overcoming what is called the cognitive function test

“A task that requires the user to remember, manipulate, or transcribe information. Examples include, but are not limited to:

  • memorization, such as remembering a username, password, set of characters, images, or patterns. The common identifiers name, e-mail, and phone number are not considered cognitive function tests as they are personal to the user and consistent across websites;
  • transcription, such as typing in characters;
  • use of correct spelling;
  • performance of calculations;
  • solving of puzzles. ” (WCAG 2.2)

It should be pointed out that this draft has yet to be approved, but WCAG have set June 2022 as the date for publication.

As an aside, there is no mention regarding the impact of biometrics (such as facial or finger print recognition) in the WCAG document, which can also be used to support access to web services, but are not available on all devices. These systems do not suit all users, and if passwords are not used as part of a login process these could present another type of barrier.

Time-based one-time passwords (TOTPs) can also cause problems when they have a very short period of use (30 seconds) and a person may fail to complete the action several times and then has to take a break. A January 2022 review by PC Mag UK highlighted the fact that Authenticator apps can offer better security, when compared to text messages (SMS). Some have desktop options that may also be more accessible.