Accessible Authentication (Enhanced)

Alternative: Another authentication method that does not rely on a cognitive function test.
Mechanism: A mechanism is available to assist the user in completing the cognitive function test.

About

Version:	WCAG 2.2 and up
Number:	3.3.9
Level:	AAA
Applicability:	Authentication Forms
Requirement:	A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following: Alternative: Another authentication method that does not rely on a cognitive function test. Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
Guidance:	Understanding Success Criterion 3.3.9 How to meet Success Criterion 3.3.9
Techniques:	Techniques are not yet available for WCAG 2.2 success criteria.

Purpose

The purpose of this success criterion is to ensure that users with cognitive disabilities can authenticate themselves when cognitive function tests — such as password input, memorization, puzzle solving, and calculations — are used to prevent unauthorized access.

How to Meet

This success criterion only differs from 3.3.8 in that no exception is made for functional tests that require the recognition of objects or content provided by the user.

As it is not common for digital publications to authenticate users, this success criterion rarely applies (authentication is usually done by the user agent).

Additional Information

The knowledge base does not currently include information on accessible authentication due to the lack of implementation in publishing formats. Refer to the WCAG guidance documents for additional information.