3.3.8: Accessible Authentication (Minimum) [AA]


A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

Another authentication method that does not rely on a cognitive function test.
A mechanism is available to assist the user in completing the cognitive function test.
Object Recognition
The cognitive function test is to recognize objects.
Personal Content
The cognitive function test is to identify non-text content the user provided to the Web site.
Note 1

"Object recognition" and "Personal content" may be represented by images, video, or audio.

Note 2
Examples of mechanisms that satisfy this criterion include:
  1. support for password entry by password managers to reduce memory need, and
  2. copy and paste to reduce the cognitive burden of re-typing.