3.3.8: Accessible Authentication (Minimum) [AA]
Description
A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
- Alternative: Another authentication method that does not rely on a cognitive function test.
- Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
- Object Recognition: The cognitive function test is to recognize objects.
- Personal Content: The cognitive function test is to identify non-text content the user provided to the Web site.
Note 1
"Object recognition" and "Personal content" may be represented by images, video, or audio.
Note 2
Examples of mechanisms that satisfy this criterion include:
- support for password entry by password managers to reduce memory need, and
- copy and paste to reduce the cognitive burden of re-typing.
Sufficient Techniques
Sufficient Techniques for Success Criterion 3.3.8
Note: Other techniques may also be sufficient if they meet the success criterion. See Understanding Techniques.
- G218: Email link authentication
- H100: Providing properly marked up email and password inputs
- Providing WebAuthn as an alternative to username/password (Potential future technique)
- Providing a 3rd party login using OAuth (Potential future technique)
- Using two techniques to provide 2 factor authentication (Potential future technique)
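An added example, not part of the success criterion or its techniques: a static check of login-form markup for the conditions that H100 and Note 2 rely on, namely credential fields that a password manager can identify and paste that is not blocked. The names `LoginFormAudit` and `audit` and the finding labels are hypothetical; the check assumes it is given only the login form and sees only inline attributes, so listeners attached from script are out of its reach.

```python
from html.parser import HTMLParser

# Autocomplete tokens from the HTML standard that identify a credential field.
CREDENTIAL_TOKENS = {"username", "email", "current-password",
                     "new-password", "one-time-code"}
# Inline handlers that can stop a credential being pasted or dropped in.
ENTRY_HANDLERS = ("onpaste", "ondrop")


class LoginFormAudit(HTMLParser):
    """Collects (field, finding) pairs for text-like <input> elements."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "text").lower() not in ("text", "email", "password", "tel"):
            return
        field = a.get("id") or a.get("name") or "<unnamed>"
        tokens = set(a.get("autocomplete", "").lower().split())
        if "off" in tokens:
            self.findings.append((field, "autocomplete-off"))
        elif not tokens & CREDENTIAL_TOKENS:
            self.findings.append((field, "no-credential-autocomplete-token"))
        for handler in ENTRY_HANDLERS:
            body = a.get(handler, "").replace(" ", "").lower()
            if "returnfalse" in body or "preventdefault" in body:
                self.findings.append((field, handler + "-blocked"))


def audit(html):
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup (not taken from any real site).
BLOCKING_FORM = ('<form><input type="text" name="user" autocomplete="off">'
                 '<input type="password" name="pw" onpaste="return false;"></form>')
ASSISTED_FORM = ('<form><input type="email" id="email" autocomplete="username">'
                 '<input type="password" id="password" autocomplete="current-password"></form>')
```

An empty result from `audit` means only that the markup does not obstruct the assisting mechanisms; it does not by itself establish conformance with 3.3.8.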
Advisory Techniques
No advisory techniques for this SC.