3.3.8 Accessible Authentication – No Exception (Level AAA)

If your website authentication requires a cognitive function test, make sure it has an alternative that doesn’t have such a test.

What you need to know

  • The AA success criterion 3.3.7 allows authentication by using object or content recognition (for example, check every box with a traffic light), but 3.3.8 level AAA doesn’t. 
  • Common identifiers such as name, e-mail, and phone number are not considered cognitive function tests.

What you need to do

  • Ensure that if your authentication process involves more than one step, all of them are accessible.
  • If an external device is used to authenticate a user, you need to ensure that the process used on that device is fully accessible.


Read the full explanation of success criterion 3.3.8 on

Related Resource