What Is Accessible Authentication (WCAG 3.3.8)?

Summary

Accessible Authentication (WCAG 3.3.8) requires login processes to minimize cognitive effort by avoiding tasks like memorization or problem-solving unless alternative, accessible methods are available.

Overview

The purpose of the Criterion is to help users to log in more easily, without compromising on security.

Requirements

To pass this criterion, authenticating should not require users to:
Remember a password
Solve a puzzle or question

Unless:
An alternative way of logging in is offered
It supports Password Managers or copy-pasting passwords
The user must recognize objects or the user’s own non-text content

Additional Notes

In practical terms, for password fields, you simply have to make sure you don’t block any so-called Password Managers, and that you do not restrict copy-pasting a password into the password field. Many browsers support remembering users’ passwords. You can also help this along if you add the HTML attribute called autocomplete on the password field. You actually have to write code specifically for disabling these things, so as long as you don’t deliberately work to avoid Password Managers or copy-pasting, you’re good.

Recognizing common objects, using CAPTCHA, is allowed for AA level, but not for AAA level, which is why we do advice against them.