The WCAG Explained

Simplified and actionable explanations of every WCAG 2.2 criterion

Accessible Authentication (Minimum)

Summary:
WCAG 3.3.8, "Accessible Authentication (Minimum)," aims to ensure that authentication processes (like logging in) are accessible to all users, including those with disabilities. This guideline addresses the challenges some users face during authentication, particularly those who cannot complete complex cognitive tests.

What:
The criterion requires that authentication processes do not rely solely on cognitive function tests, like remembering or transcribing characters, unless a mechanism is available to assist the user.

Why:
Cognitive tests in authentication can be a significant barrier for users with memory, attention, or comprehension difficulties. Providing accessible alternatives ensures that these users can securely access content without undue hardship.

Examples and Scenarios:

  1. Password Inputs: Allowing users to use password managers to fill in credentials.
  2. Biometric Authentication: Offering fingerprint or facial recognition as alternatives to memory-based passwords.
  3. Multi-Factor Authentication: Implementing mechanisms like sending a code to a user's device, which doesn't require cognitive effort beyond entering the received code.

How to Comply:

  • Websites: Enable the use of password managers, offer biometric authentication options, or provide alternative methods like sending a code via text or email that users can simply enter.
  • Mobile Apps: Implement similar features, ensuring users can authenticate without relying solely on memory-based methods.
  • Software Applications: Integrate accessible authentication methods, including biometric options or external authentication devices, to accommodate users with cognitive disabilities.
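
One way to check the website guidance above, as an added example that is not part of the original page: a static audit of login-form markup for patterns that keep password managers or paste from filling credential and code fields. The sample forms, field names and finding labels are constructed for illustration; the autocomplete tokens are the standard HTML ones.

```javascript
// Added example: static check of login-form markup for patterns that stop
// password managers or paste from filling credentials (simple markup only).
// Constructed sample: a form that blocks autofill and paste.
const BLOCKING_FORM = `
<form action="/login" method="post">
  <input type="text" name="username" autocomplete="off">
  <input type="password" name="password" onpaste="return false">
  <input type="text" name="otp_code" onpaste="event.preventDefault()">
</form>`;
// Constructed sample: the same form with standard autocomplete tokens.
const ACCESSIBLE_FORM = `
<form action="/login" method="post">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
  <input type="text" name="otp_code" autocomplete="one-time-code">
</form>`;

// Parse one <input ...> tag into a lower-cased attribute map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input/i, "").replace(/\/?>$/, "");
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per pattern that forces recall or manual transcription.
function auditLoginForm(html) {
  const findings = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const a = parseAttrs(tag);
    const name = a.name || "";
    const isCredential = (a.type || "").toLowerCase() === "password" ||
      /user|email|login|otp|code/i.test(name);
    if (!isCredential) continue;
    const ac = (a.autocomplete || "").trim().toLowerCase();
    if (ac === "off") findings.push({ field: name, issue: "autocomplete-off" });
    else if (ac === "") findings.push({ field: name, issue: "autocomplete-missing" });
    for (const ev of ["onpaste", "ondrop"]) {
      if (/return\s+false|preventDefault\s*\(/.test(a[ev] || "")) {
        findings.push({ field: name, issue: `${ev}-blocked` });
      }
    }
  }
  return findings;
}
console.log(auditLoginForm(BLOCKING_FORM), auditLoginForm(ACCESSIBLE_FORM));
```

The check only sees inline attributes; paste handlers attached from script files need a browser-based test.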

Exceptions:

  • Security Requirements: In situations where specific cognitive tests are essential for security reasons, such as in banking or government services.
  • Technical Limitations: Cases where current technology or security constraints make it challenging to implement alternative authentication methods.
  • Regulatory Compliance: When legal or regulatory requirements dictate the use of certain types of authentication processes.