A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
- Alternative: Another authentication method that does not rely on a cognitive function test.
- Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
- Object Recognition: The cognitive function test is to recognize objects.
- Personal Content: The cognitive function test is to identify non-text content the user provided to the Web site.
Don’t make people solve, recall, or transcribe something to log in.
Some people with cognitive disabilities cannot solve puzzles, memorize a username and password, or retype one-time passcodes.
WCAG Failure F109: Preventing password or code re-entry in the same format.