Accessible Authentication

A web accessibility requirement introduced in WCAG 2.2 (Success Criterion 3.3.7) that mandates for each step in an authentication process relying on a cognitive function test — such as remembering a password, solving a puzzle, or transcribing distorted text — at least one alternative method must be available that does not depend on cognitive function. Acceptable alternatives include biometric authentication (fingerprint, facial recognition), password managers that auto-fill credentials, magic links sent via email, copy-paste support for passwords, and third-party login providers. This criterion recognizes that cognitive function tests disproportionately burden people with cognitive disabilities such as dyslexia, dyscalculia, and memory impairments, as well as people with age-related cognitive decline. A stricter version, Accessible Authentication (Enhanced) (3.3.8), further limits the exceptions.