A11ying with Sanna - Web Content Accessibility Guidelines a guide to the accessibility requirements
3 Understandable

3.3.9 Accessible Authentication (Enhanced)

Conformance level: AAA
Criterion released in WCAG version: 2.2

Official description of the success criterion

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

  • Alternative: Another authentication method that does not rely on a cognitive function test.
  • Mechanism: A mechanism is available to assist the user in completing the cognitive function test. 

What to do?

Don’t make people recognize objects or user-supplied images and media to log in.

Why is it important?

Some people with cognitive disabilities can't do puzzles, including identifying objects and non-text information they previously supplied.

Common pitfalls

WCAG Failure F109: Preventing password or code re-entry in the same format.

Using object recognition or personal content in the authentication process.
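
As an added illustration of the F109 pitfall (not part of the original page or of WCAG), this script flags authentication inputs whose markup gets in the way of pasting or autofilling a password or code. The function names, the sample form and the three heuristics are assumptions made for the example.

```javascript
// Added example: heuristic static audit of login markup for F109-style barriers.
// The rules below are illustrative assumptions, not an official WCAG test procedure.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function isAuthField(a) {
  const ac = (a.autocomplete || "").toLowerCase();
  return (a.type || "").toLowerCase() === "password" ||
    ["current-password", "new-password", "one-time-code"].includes(ac) ||
    /pass|otp|code/i.test(`${a.name || ""} ${a.id || ""}`);
}

function auditAuthInputs(html) {
  const findings = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const a = parseAttrs(tag);
    if (!isAuthField(a)) continue;
    const field = a.name || a.id || "(unnamed)";
    // Inline handlers that cancel paste or drop stop password managers and copy-paste.
    for (const ev of ["onpaste", "ondrop"]) {
      if (/return\s+false|preventDefault/.test(a[ev] || "")) findings.push({ field, issue: `${ev} is cancelled` });
    }
    // autocomplete="off" asks the browser not to fill the stored credential.
    if ((a.autocomplete || "").toLowerCase() === "off") findings.push({ field, issue: "autocomplete is off" });
    // A one-character box cannot take a code pasted as a single string.
    if (a.maxlength === "1") findings.push({ field, issue: "single-character field" });
  }
  return findings;
}

// Constructed sample markup (not from any real site).
const SAMPLE = `
<form>
  <input type="text" name="user" autocomplete="username">
  <input type="password" name="password" autocomplete="off" onpaste="return false">
  <input type="text" name="otp1" maxlength="1">
  <input type="password" name="pw_ok" autocomplete="current-password">
</form>`;

console.log(auditAuthInputs(SAMPLE));
```

The check only sees inline attributes; handlers attached from script need a manual paste and autofill test in the browser.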
