Review: 3.3.8 Accessible Authentication (Minimum) (AA) #89
Description
Task: Edit MCAG section 3.3.8 considering the mobile research questions (to be completed)
A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
Alternative: Another authentication method that does not rely on a cognitive function test.
Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
Object Recognition: The cognitive function test is to recognize objects.
Personal Content: The cognitive function test is to identify non-text content the user provided to the Web site.
Note 1: What is perceived as the user interface component or sub-component (to determine enclosure or size) depends on its visual presentation. The visual presentation includes the component's visible content, border, and component-specific background. It does not include shadow and glow effects outside the component's content, background, or border.
Note 2: Examples of mechanisms that satisfy this criterion include:
support for password entry by password managers to reduce memory need, and
copy and paste to reduce the cognitive burden of re-typing.
Sufficient Techniques for Success Criterion 3.3.8
Note: Other techniques may also be sufficient if they meet the success criterion. See Understanding Techniques.
G218: Email link authentication
H100: Providing properly marked up email and password inputs
Providing WebAuthn as an alternative to username/password (Potential future technique)
Providing a 3rd party login using oAuth (Potential future technique)
Using two techniques to provide 2 factor authentication (Potential future technique)
Failures for Success Criterion 3.3.8
F109: Failure of Success Criterion 3.3.8 and 3.3.9 due to preventing password or code re-entry in the same format