Login processes must not solely rely on cognitive tests. All steps in a login process must support some method that does not rely on memory or knowledge.
Logins must support some method of entry that does not solely rely on memory. Most often, you will encounter logins that are password/username combos. This criterion does not forbid those; rather, there must be some way of providing authentication that doesn't require the user to memorize anything.
This criterion also applies to two-factor authentication/multi-factor authentication (2FA/MFA). Any 2FA/MFA solution must also meet this criterion. (Duo Mobile and Beyond Identity, the Cornell 2FA mechanisms as of 2023, support this criterion.)
CAPTCHA that is based on object recognition is allowed (this does NOT mean identifying scrambled text; an object is something tangible in this context). CAPTCHA that relies on solving a math problem or a puzzle is not.
This can be achieved by ensuring at least one of the following is supported:
Allowing browsers to automatically insert passwords and usernames for the user.
Allowing users to paste passwords and usernames in their respective fields.
Allowing password managers (like LastPass) to insert username/password information.
Using a non-password based authentication system (such as a biometric).
Allowing a third-party provider to sign in on behalf of the user.
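One way to check a login page against the paste and autofill items above is a static audit of its markup. The script below is an added example, not part of the original guidance: the sample forms are constructed, and the handler list and autocomplete token list are an assumed audit policy. It only sees inline attributes, so paste blocking attached from a script file still needs a manual test.

```python
from html.parser import HTMLParser

# Constructed sample markup (not from any real site).
BLOCKING_FORM = """<form action="/login" method="post" autocomplete="off">
  <input type="text" name="user" autocomplete="off">
  <input type="password" name="pw" autocomplete="off" onpaste="return false">
</form>"""
FRIENDLY_FORM = """<form action="/login" method="post">
  <input type="text" name="user" autocomplete="username">
  <input type="password" name="pw" autocomplete="current-password">
</form>"""

# Assumed audit policy: inline handlers that can cancel paste or drag-and-drop,
# and autocomplete tokens that tell browsers and password managers what to fill.
BLOCKING_HANDLERS = ("onpaste", "ondrop")
CREDENTIAL_TOKENS = {"username", "email", "current-password", "one-time-code"}
SKIPPED_TYPES = {"hidden", "submit", "button", "checkbox"}


class LoginFormAudit(HTMLParser):
    """Flags markup that hinders paste, browser autofill or password managers."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (element, problem) tuples

    def handle_starttag(self, tag, attrs):
        if tag not in ("form", "input"):
            return
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "text").lower() in SKIPPED_TYPES:
            return
        where = f"{tag}[name={a.get('name', '?')}]"
        tokens = set(a.get("autocomplete", "").lower().split())
        if "off" in tokens:
            self.findings.append((where, "autocomplete=off"))
        elif tag == "input" and not tokens & CREDENTIAL_TOKENS:
            self.findings.append((where, "no credential autocomplete token"))
        for handler in BLOCKING_HANDLERS:
            code = a.get(handler, "").replace(" ", "").lower()
            if "returnfalse" in code or "preventdefault" in code:
                self.findings.append((where, f"{handler} cancels input"))


def audit(html):
    """Return the findings for one HTML document or fragment."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```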