By Dr. Chris Olson
In an Increasingly Digital World, Accessibility and Cybersecurity Have Emerged as Significant Factors for Both Individuals and Organizations.
Digital accessibility refers to the design and development of digital content and technologies that are accessible to all, including individuals with disabilities who utilize assistive technology to help them access information and interact with websites and mobile applications. On the other hand, cybersecurity focuses on protecting digital assets, data, and systems from
unauthorized access, breaches, and cyber threats.
While these two concepts may seem distinct, they are both essential for creating an inclusive and secure online environment. To fully grasp the relationship between the two aspects and how they need to work in conjunction, it is necessary to have a basic understanding of digital accessibility and how cybersecurity practices can inadvertently create accessibility barriers.
Defining Digital Accessibility
Digital accessibility refers to the design and development of digital content, services, and technologies that can be used effectively by individuals with disabilities. This encompasses a wide range of aspects, including websites, mobile apps, documents, software, and more. The goal of digital accessibility is to eliminate barriers and ensure that all users, regardless of their physical, sensory, or cognitive abilities, can access and interact with digital resources independently or with the use of assistive technology. Examples of assistive technology include screen reading software like JAWS for those with visual impairments and voice-recognition software like Dragon NaturallySpeaking for those who cannot easily use a traditional keyboard and/or mouse to interact with a computer.
The internationally recognized guidelines and standards for digital accessibility were created by the World Wide Web Consortium (W3C). The Web Content Accessibility Guidelines (WCAG) are organized into four principles:
Perceivable:
Information and user interface components must be presented in a way that can be perceived by all users, regardless of their sensory abilities.
Understandable:
Content and operation of the user interface should be clear and understandable to all users, including those with cognitive disabilities.
Operable:
Users must be able to navigate and interact with the interface effectively, using various input methods such as a keyboard, mouse, or touch screen.
Robust:
The digital content should be able to withstand various assistive technologies and be accessible as technologies evolve.
There are three levels of compliance associated with the WCAG: A, AA, and AAA. The current recommendation from the W3C is WCAG 2.1, and organizations should ensure their websites meet the WCAG 2.1 AA standards. The WCAG 2.2 should become the official recommendation very soon, and the WCAG 3.0 standards are already in draft form.
Security Practices May Create Accessibility Barriers
Cybersecurity practices and digital accessibility have sometimes clashed, leading to unintentional barriers for users. For example, a security practice used frequently in the past prevented users from pasting passwords into login forms. While this might seem like a reasonable security measure to deter password sharing or brute-force attacks, it created significant accessibility issues for individuals who rely on password managers, screen readers, or voice recognition. These users found it incredibly challenging to enter their credentials, effectively locking them out of many online services.
Another example is the widespread use of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) challenges. These puzzles, designed to distinguish between humans and automated bots, often involved tasks that were difficult or impossible for users with disabilities to complete. As a result, CAPTCHA presented an accessibility barrier for many individuals when trying to access websites or online services. The clash between digital accessibility and cybersecurity practices highlights a critical need for a synergistic relationship between the two. It is clear that security measures should not come at the expense of accessibility. Rather, they should complement each other to create a digital environment that is both secure and inclusive.
The Future of the Relationship Between Accessibility and Cybersecurity
As technology continues to evolve, accessibility and cybersecurity practices should both improve, with an emphasis on synergy rather than conflict. Here are some key trends and expectations for the future:
Advanced Authentication Methods:
To enhance security while maintaining accessibility, future authentication methods will focus on utilizing biometrics, multi-factor authentication (MFA), and adaptive authentication. Biometric authentication, such as fingerprint or facial recognition, can provide robust security without compromising accessibility for users with disabilities.
Ai-Powered Accessibility Solutions:
Artificial intelligence (AI) and machine learning technologies will play a pivotal role in improving digital accessibility. AI-powered tools can automatically generate alt text for images, provide real-time captions for videos, and make content more adaptable to individual user needs.
Inclusive Design:
The principles of inclusive design will become central to both accessibility and cybersecurity. This approach involves designing products and services that are accessible from the outset, ensuring that they cater to diverse user needs and are inherently more secure.
Collaboration and Awareness:
Increased collaboration between cybersecurity and accessibility experts will lead to better solutions.
Meeting Accessibility and Security Challenges in a Post-covid Pandemic World
The COVID-19 pandemic has caused more individuals than ever to rely on online platforms to access critical services, such as healthcare, education, and government assistance programs. Ensuring that these services are accessible and secure is necessary. Here are steps that government, health, and other organizations can take:
Training
Provide training among developers about the importance of both accessibility and cybersecurity. Encourage collaboration between accessibility experts and cybersecurity teams.
User Testing
Involve individuals with disabilities in the development and testing phases to identify accessibility barriers early in the process.
Regular Audits
Conduct regular accessibility and security audits to ensure compliance with standards and regulations.
Best Practices for Designing Secure and Accessible Websites and Apps
Creating digital platforms that are both accessible and secure requires a thoughtful and strategic approach. Here are some best practices for making accessible websites and apps secure:
Posterize User-Centered Design:
Consider the needs of individuals with disabilities and design with inclusivity in mind to help prevent the creation of accessibility barriers.
Conduct Regular Security Assessments:
Continuously evaluate your platform’s security measures to identify vulnerabilities and address them promptly. Regular penetration testing and security audits are essential.
Implement Strong Authentication Methods:
Use modern, secure authentication methods such as biometrics and multi-factor authentication that are accessible to all users, including those with disabilities.
Accessibility Testing:
Regularly test websites and apps for accessibility compliance. Use automated testing tools, but also engage individuals with disabilities for real-world feedback.
Regular Updates:
Keep your software and systems up to date with the latest security patches and accessibility improvements. Staying current is crucial.
Collaboration:
Foster collaboration between accessibility experts, developers, and cybersecurity teams.
In conclusion, organizations must ensure that their software, websites, and mobile apps are secure and accessible to all. By following best practices and fostering collaboration, platform designers and cybersecurity providers can create accessible websites and apps that are secure for everyone, ensuring that all users can access an organization’s online platforms and that their information will be secure from being accessed by those with malicious intent.
Author
Dr. Chris Olson
Associate Professor,
Dakota State University