5.1.3.8: Masked entry

Where auditory output is provided as non-visual access to closed functionality, and the characters displayed are masking characters, the auditory output shall not be a spoken version of the characters entered unless the auditory output is known to be delivered only to a mechanism for private listening, or the user explicitly chooses to allow non-private auditory output.

Notes

  1. Masking characters are usually displayed for security purposes and include, but are not limited to asterisks representing personal identification numbers.
  2. Unmasked character output might be preferred when closed functionality is used, for example, in the privacy of the user's home. A warning highlighting privacy concerns might be appropriate to ensure that the user has made an informed choice.

Testing methods

 

Type of complianceTesting
Pre-conditions
  1. Auditory output is provided as non-visual access to closed functionality.
  2. The characters displayed are masking characters.
  3. The user does not explicitly choose to allow non-private auditory output.
Procedure
  1. Check that the auditory output is not a spoken version of the characters entered.
  2. Check that the auditory output is known to be delivered only to a mechanism for private listening.
  3. If 1 and 2 are false, check that the user has explicitly chosen to allow non-private auditory output.
Result Pass: Any check is true
Fail: All checks are false

Requirement details

Reference number: 5.1.3.8

Related requirements

Related functional statements

Related technical requirements

No related technical requirements are associated with this technical requirement