Version: WCAG 2.2 and up
Number: 3.3.8
Level: AAA
  • Authentication Forms

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

  • Alternative: Another authentication method that does not rely on a cognitive function test.
  • Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
Techniques: Techniques are not yet available for WCAG 2.2 success criteria.


The purpose of this success criterion is to ensure that users with cognitive disabilities can authenticate themselves when cognitive function tests — such as password input, memorization, puzzle solving, and calculations — are used to prevent unauthorized access.


This success criterion is new in WCAG 2.2 and is subject to change until that specification becomes a recommendation.

How to Meet

This success criterion only differs from 3.3.7 in that no exception is made for functional tests that require the recognition of objects or content provided by the user.

As it is not common for digital publications to authenticate users, this success criterion rarely applies (authentication is usually done by the user agent).

Additional Information

The knowledge base does not currently include information on accessible authentication due to the lack of implementation in publishing formats. Refer to the WCAG guidance documents for additional information.