angus/WCAG
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
deed72cfba9eab44ac5d6245398e7fec71aa85b7
WCAG/3-understandable/3.3.8-accessible-authentication-minimum.md
T
angus deed72cfba fixed broken links
2025-12-23 21:04:52 -05:00

2.4 KiB
Raw Blame History

Back to 3 Understandable index

3.3.8 Accessible Authentication (Minimum)

  • Level: AA
  • Guideline: 3.3 Input Assistance
  • Principle: 3 Understandable

What it is

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

  • Alternative: Another authentication method that does not rely on a cognitive function test.
  • Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
  • Object Recognition: The cognitive function test is to recognize objects.
  • Personal Content: The cognitive function test is to identify non-text content the user provided to the website.

How to test

  • Check: Another authentication method that does not rely on a cognitive function test.
  • Check: A mechanism is available to assist the user in completing the cognitive function test.
  • Check: The cognitive function test is to recognize objects.
  • Check: The cognitive function test is to identify non-text content the user provided to the website.
  • Use the sufficient techniques below as acceptable methods when applicable.
  • Confirm none of the common failures apply.

Sufficient techniques (W3C)

  • G218: Email link authentication
  • H100: Providing properly marked up email and password inputs
  • Providing WebAuthn as an alternative to username/password (Potential future technique)
  • Providing a third-party login using OAuth (Potential future technique)
  • Using two techniques to provide two-factor authentication (Potential future technique)

Common failures (W3C)

  • F109: Failure of Success Criterion 3.3.8 and 3.3.9 due to preventing password or code re-entry in the same format

Notes

  • Note 1: "Object recognition" and "Personal content" may be represented by images, video, or audio.
  • Note 2: Examples of mechanisms that satisfy this criterion include: support for password entry by password managers to reduce memory need, and copy and paste to reduce the cognitive burden of re-typing.

Resources

Back to 3 Understandable index

Reference in New Issue View Git Blame Copy Permalink