Version: WCAG 2.2 and up
Number: 3.3.7
Level: A
  • Authentication Forms

A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:

  • Alternative: Another authentication method that does not rely on a cognitive function test.
  • Mechanism: A mechanism is available to assist the user in completing the cognitive function test.
  • Object Recognition: The cognitive function test is to recognize objects.
  • Personal Content: The cognitive function test is to identify non-text content the user provided to the website.
Techniques: Techniques are not yet available for WCAG 2.2 success criteria.


The purpose of this success criterion is to ensure that users with cognitive disabilities can authenticate themselves when cognitive function tests — such as password input, memorization, puzzle solving, and calculations — are used to prevent unauthorized access.


This success criterion is new in WCAG 2.2 and is subject to change until that specification becomes a recommendation.

How to Meet

As it is not common for digital publications to authenticate users, this success criterion rarely applies (authentication is usually done by the user agent).

If authors use authentication forms with cognitive function tests to secure access to some part of a publication, however, they need to ensure there is an alternative that does not rely on a functional test, a means of helping users with the test, or the test only requires recognition of objects or content provided by the user.

Additional Information

The knowledge base does not currently include information on accessible authentication due to the lack of implementation in publishing formats. Refer to the WCAG guidance documents for additional information.