Web Content Accessibility Guidelines a guide to the accessibility requirements
3 Understandable

3.3.8 Accessible Authentication (Minimum)

Conformance level: AA
Criterion released in WCAG version: 2.2

Official description of the success criterion

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

  • Alternative: Another authentication method that does not rely on a cognitive function test.
  • Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
  • Object Recognition: The cognitive function test is to recognize objects.
  • Personal Content: The cognitive function test is to identify non-text content the user provided to the Web site. 

What to do?

Don’t make people solve, recall, or transcribe something to log in.

Why is it important?

Some people with cognitive disabilities cannot solve puzzles, memorize a username and password, or retype one-time passcodes.

Common pitfalls

WCAG Failure F109: Preventing password or code re-entry in the same format.

More about this criterion elsewhere