Developers

3.3.7 Accessible Authentication (Level AA)

A cognitive function test to log in can only be required under limited circumstances.

What you need to know

  • According to W3C, a cognitive function test is a task that “requires the user to remember, manipulate, or transcribe information.” This could take the form of entering a username and password, doing calculations, or solving a puzzle.
  • These authentication methods require the ability to remember accurately or perform potentially complex mental tasks that may present barriers for people with certain intellectual or learning disabilities. 
  • The authentication process may have more than one step (two-factor authentication). For example, after a user inputs their username and password, they may receive a random code by text to input. Both authentication steps need to be accessible. 

What you need to do

  • Make sure there’s an alternate way to authenticate and log in to your website that doesn’t require a cognitive test. 
  • For each step in an authentication process that depends on a cognitive function test, provide either at least one other authentication method that doesn’t depend on one, or a mechanism that helps the user complete the cognitive function test.
  • The ability to show a password while typing it may improve the chance of success for people with cognitive and other disabilities, as well as for many other people. 
  • The ability to copy and paste login credentials from an outside source eliminates the need to transcribe (potentially with errors) the same information. You shouldn’t prevent a user from pasting their login and password into authentication fields.
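One way to check login markup for the paste restriction described above, as an added example that is not part of the original page. The sample form, the function names and the regex-based parsing are assumptions made for illustration; the `autocomplete="off"` check goes beyond the page's list and assumes password-manager autofill is one of the helping mechanisms you rely on.

```javascript
// Added example: static check of login-form markup for paste blocking.
// SAMPLE_FORM is constructed for illustration; it is not from any real site.
const SAMPLE_FORM = `
<form action="/login" method="post">
  <input type="text" name="user" autocomplete="username">
  <input type="password" name="pass" onpaste="return false" autocomplete="off">
  <input type="text" name="otp" inputmode="numeric" onpaste="event.preventDefault()">
  <input type="password" name="pass2" autocomplete="current-password">
</form>`;

// An inline paste handler blocks pasting if it cancels the event.
const CANCELS = /return\s+false|preventDefault\s*\(/i;

// Parse the attributes of one <input ...> tag into a map with lower-cased keys.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per credential field that hinders paste or autofill.
// Limitation: only inline attributes are seen. Handlers attached from script
// with addEventListener need a check in a running browser instead.
function auditAuthFields(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const field = a.name || a.id || "(unnamed)";
    if ("onpaste" in a && CANCELS.test(a.onpaste)) {
      findings.push({ field, issue: "onpaste handler cancels paste" });
    }
    const isPassword = (a.type || "").toLowerCase() === "password";
    if (isPassword && (a.autocomplete || "").toLowerCase() === "off") {
      findings.push({ field, issue: "autocomplete=off on password field" });
    }
  }
  return findings;
}

console.log(auditAuthFields(SAMPLE_FORM));
```

Run it with Node against the rendered HTML of each authentication step, including the one-time-code step, since every step has to pass.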

Reference

Read the full explanation of success criterion 3.3.7 on W3.org.
