Understandable WCAG 3.3.8

Accessible Authentication

Authentication must not require cognitive function tests (memorizing, transcribing, puzzles) unless an alternative exists. Allow paste in password fields. Support password managers. New in WCAG 2.2.

In plain terms

Logging in shouldn't depend on memory puzzles or copying codes by hand — allow password managers and pasting.

Why this matters

Login steps that demand memorising codes, solving puzzles, or transcribing characters block people with cognitive and memory disabilities. Many can't complete a CAPTCHA or one-time-code dance at all.

How to detect

Quick check

Review your login and password reset. Does anything require a memory or transcription test with no alternative? Check that password fields allow paste and work with password managers.

Embed code

Image link

HTML

<a href="https://joegullo.com/resources/accessibility-glossary/accessible-authentication"><img src="https://joegullo.com/glossary-card/accessible-authentication.svg" alt="Accessible Authentication — Accessibility Glossary" width="600" /></a>

Markdown

Accessible Authentication

Why this matters

How to detect

Related