In today's digital world, organizations must have a strong web presence. Over the past year, companies around the United States have been receiving letters from disability rights advocacy groups and others for their websites to comply with Title III of the Americans with Disabilities Act (ADA).
Websites must comply with the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0 AA). Compliance is important because those with impaired hearing or vision as well as those with physical limitations or learning disabilities use special software and assistive technologies to access websites. WCAG 2.0 AA compliance means your website is compatible with those assistive devices and is usable for users with disabilities to access and navigate.
But, some businesses are worried that making their websites more accessible and readable by devices will introduce a problem in another key area: security.
What does WCAG 2.0 mean for your website's security?
Many developers are asking at what point accessibility affects website security. One of the common problems many encounter is with the use of captchas to ensure security of customer transactions and user registrations. Captchas are generally seen as inaccessible to people with disabilities due to difficulties in seeing and hearing letters and numbers.
However, there are alternatives to captcha and similar functions that maintain both security and accessibility. Consider using human test questions, a honeypot trap, heuristic checks, and spam filters. In addition, combining different security options to ensure people with disabilities can access your website increases your site's security and offers alternatives to assessing, collecting, and processing information from different devices they use.
For example, if the purpose of non-text content (captcha) is to confirm that a real person is accessing your content rather than a computer, use text and/or audio alternatives that identify and describe the purpose of your non-text content. You could use text such as "Type the word in the image" and an audio file that speaks "Type the letters spoken in the audio."
Another security concern is providing input assistance to help users avoid and correct mistakes. Input assistance is particularly concerning when users are prompted to enter protected legal, financial, or health-related data. Where the WCAG requires websites to provide user assistance, the guidelines state, "If an input error is automatically detected and suggestions for correction are known, then the suggestions are provided to the user, unless it would jeopardize the security or purpose of the content (Level AA)."
So does website accessibility affect its security?
The short answer: no. The longer answer includes working with security and accessibility experts to design and implement strategies that meet requirements for each.
Using tools and security best practices to ensure information flows through the web safely does not preclude offering accessibility to users with disabilities. Work with professionals to ensure you maintain a certain level of security while meeting or exceeding the WCAG guidelines for accessibility. The reality is that with an online presence there are always security risks that need to be mitigated, and your best course of action is to continually improve and correct problems as they arise.
The end goal is to protect and guarantee the security of your website and any valuable or confidential user information while ensuring anyone, regardless of disability or browsing ability, can access and use it easily.