angus/WCAG
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Angus Kola
2025-12-22 00:21:10 -05:00
commit 2bd947dfe5
91 changed files with 3819 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
3-understandable/3.3.8-accessible-authentication-minimum.md
+50
View File
@@ -0,0 +1,50 @@
[Back to 3 Understandable index](index.md)
# 3.3.8 Accessible Authentication (Minimum)
- Level: AA
- Guideline: 3.3 Input Assistance
- Principle: 3 Understandable
## What it is
A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
- **Alternative:** Another authentication method that does not rely on a cognitive function test.
- **Mechanism:** A mechanism is available to assist the user in completing the cognitive function test.
- **Object Recognition:** The cognitive function test is to recognize objects.
- **Personal Content:** The cognitive function test is to identify non-text content the user provided to the website.
## How to test
- Check: Another authentication method that does not rely on a cognitive function test.
- Check: A mechanism is available to assist the user in completing the cognitive function test.
- Check: The cognitive function test is to recognize objects.
- Check: The cognitive function test is to identify non-text content the user provided to the website.
- Use the sufficient techniques below as acceptable methods when applicable.
- Confirm none of the common failures apply.
## Sufficient techniques (W3C)
- G218: Email link authentication
- H100: Providing properly marked up email and password inputs
- Providing WebAuthn as an alternative to username/password (Potential future technique)
- Providing a third-party login using OAuth (Potential future technique)
- Using two techniques to provide two-factor authentication (Potential future technique)
## Common failures (W3C)
- F109: Failure of Success Criterion 3.3.8 and 3.3.9 due to preventing password or code re-entry in the same format
## Notes
- Note 1: "Object recognition" and "Personal content" may be represented by images, video, or audio.
- Note 2: Examples of mechanisms that satisfy this criterion include: support for password entry by password managers to reduce memory need, and copy and paste to reduce the cognitive burden of re-typing.
## Resources
- WCAG 2.2 SC: https://www.w3.org/TR/WCAG22/#accessible-authentication-minimum
- Understanding: https://www.w3.org/WAI/WCAG22/Understanding/accessible-authentication-minimum.html
- Quick reference: https://www.w3.org/WAI/WCAG22/quickref/?versions=2.2#accessible-authentication-minimum
[Back to 3 Understandable index](index.md)