Clarification on password re-entry in 3.3.7 Redundant Entry

[jamieherrera]

Hello,
Several issues (now closed) have hashed out various scenarios for essential re-entry, such as when entering something for the first time, like a new password, a SSN, or email address, where the purpose is user error prevention. What about when the purpose is not error prevention?

With regard to the language of being required,

information previously entered by or provided to the user that is required to be entered again

is there any responsibility to demonstrate that the information being repeated is required, and not just a nice to have? Or is that outside of the accessibility discussion?

As in, could the SC fail for an author requiring a user to enter information a second time arbitrarily? Say, a password requirement a second time after going through 2 factor authentication.... just for example sake.

[detlevhfischer]

@jamieherrera Not entirely sure I get your point. Requiring entering of a password a second time after 2F authentification would probably be bad design for all, even if you'd have to say, from a formal conformance standpoint, that it falls under "required to ensure the security of the content" ("because that's the way be built it").