If your website authentication requires a cognitive function test, make sure it has an alternative that doesn’t have such a test.
What you need to know
- The AA success criterion 3.3.7 allows authentication by using object or content recognition (for example, check every box with a traffic light), but 3.3.8 level AAA doesn’t.
- Common identifiers such as name, e-mail, and phone number are not considered cognitive function tests.
What you need to do
- Ensure that if your authentication process involves more than one step, all of them are accessible.
- If an external device is used to authenticate a user, you need to ensure that the process used on that device is fully accessible.