42 lines
1.7 KiB
Markdown
42 lines
1.7 KiB
Markdown
[Back to 3 Understandable index](index.html)
|
|
|
|
# 3.3.9 Accessible Authentication (Enhanced)
|
|
|
|
- Level: AAA
|
|
- Guideline: 3.3 Input Assistance
|
|
- Principle: 3 Understandable
|
|
|
|
## What it is
|
|
|
|
A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
|
|
|
|
- **Alternative:** Another authentication method that does not rely on a cognitive function test.
|
|
- **Mechanism:** A mechanism is available to assist the user in completing the cognitive function test.
|
|
|
|
## How to test
|
|
|
|
- Check: Another authentication method that does not rely on a cognitive function test.
|
|
- Check: A mechanism is available to assist the user in completing the cognitive function test.
|
|
- Use the sufficient techniques below as acceptable methods when applicable.
|
|
- Confirm none of the common failures apply.
|
|
|
|
## Sufficient techniques (W3C)
|
|
|
|
- G218: Email link authentication
|
|
- H100: Providing properly marked up email and password inputs
|
|
- Providing WebAuthn as an alternative to username/password (Potential future technique)
|
|
- Providing a third-party login using OAuth (Potential future technique)
|
|
- Using two techniques to provide two-factor authentication (Potential future technique)
|
|
|
|
## Common failures (W3C)
|
|
|
|
- F109: Failure of Success Criterion 3.3.8 and 3.3.9 due to preventing password or code re-entry in the same format
|
|
|
|
## Resources
|
|
|
|
- WCAG 2.2 SC: https://www.w3.org/TR/WCAG22/#accessible-authentication-enhanced
|
|
- Understanding: https://www.w3.org/WAI/WCAG22/Understanding/accessible-authentication-enhanced.html
|
|
- Quick reference: https://www.w3.org/WAI/WCAG22/quickref/?versions=2.2#accessible-authentication-enhanced
|
|
|
|
[Back to 3 Understandable index](index.html)
|