3.3.7 Accessible Authentication (Level AA)

A cognitive function test to log in can only be required under limited circumstances.

What you need to know

  • According to W3C, a cognitive function test is a task that “requires the user to remember, manipulate, or transcribe information.” This could take the form of a username and password, doing calculations, or solving a puzzle. 
  • These authentication methods require the ability to remember accurately or perform potentially complex mental tasks that may present barriers for people with certain intellectual or learning disabilities. 
  • The authentication process may have more than one step (two-factor authentication). For example, after a user inputs their username and password, they may receive a random code by text to input. Both authentication steps need to be accessible. 

What you need to do

  • Make sure there’s an alternate way to authenticate and log in to your website that doesn’t require a cognitive test. 
  • For each step in an authentication process that depends on a cognitive function test, at least one other authentication method needs to be available that doesn’t, or a mechanism that helps the user complete the cognitive function test must be available.
  • The ability to show a password while typing it may improve the chance of success for people with cognitive and other disabilities, as well as for many other people. 
  • The ability to copy and paste login credentials from an outside source eliminates the need to transcribe (potentially with errors) the same information. You shouldn’t prevent a user from pasting their login and password into authentication fields.


Read the full explanation of success criterion 3.3.7 on

Related Resource