WCAG 2.2 – Criterion 3.3.9 – Accessible authentication (enhanced) (Level AAA)

Today, we’re covering criterion WCAG 3.3.9 Accessible Authentication (enhanced) at AAA level, which is a more detailed version of criterion 3.3.8 at AA level. You can find a post about this here in your previous blog post.

What does W3C recommend for WCAG 3.3.9 Accessible Authentication (enhanced)?

What’s the difference between the AA and AAA levels in this area?

First of all, WCAG criterion 3.3.9 emphasizes that logging in should not require a lot of mental effort.

How can we achieve this?

User authentication should NOT involve solving logic puzzles, doing math problems, or recognizing images. At no stage should users be required to enter a previously memorized password, unless:

• There’s an alternative login option (not involving cognitive tests) – like YubiKey or simple autofill;
• There’s a tool available to help solve the test.

Why is this so important?

Some people with intellectual disabilities may not be able to solve puzzles, recognize objects, or remember non-text information they provided earlier. This could also be due to cognitive difficulties related to memory, reading (dyslexia), math (dyscalculia), or challenges in processing sensory information.