3.3.7 Accessible Authentication (Level AA)

A cognitive function test to log in can only be required under limited circumstances.

What you need to know

• According to W3C, a cognitive function test is a task that “requires the user to remember, manipulate, or transcribe information.” This could take the form of a username and password, doing calculations, or solving a puzzle. 
• These authentication methods require the ability to remember accurately or perform potentially complex mental tasks that may present barriers for people with certain intellectual or learning disabilities. 
• The authentication process may have more than one step (two-factor authentication). For example, after a user inputs their username and password, they may receive a random code by text to input. Both authentication steps need to be accessible. 

What you need to do

• Make sure there’s an alternate way to authenticate and log in to your website that doesn’t require a cognitive test. 
• For each step in an authentication process that depends on a cognitive function test, at least one other authentication method needs to be available that doesn’t, or a mechanism that helps the user complete the cognitive function test must be available.
• The ability to show a password while typing it may improve the chance of success for people with cognitive and other disabilities, as well as for many other people. 
• The ability to copy and paste login credentials from an outside source eliminates the need to transcribe (potentially with errors) the same information. You shouldn’t prevent a user from pasting their login and password into authentication fields.