Understanding Accessible Authentication


The intent of this success criterion is to ensure that, that users do not encounter a barrier that prevents them from accessing content that they could otherwise use.

Most user interfaces are designed to help users complete tasks. However, traditionally, web security and privacy technologies intentionally introduce barriers to task completion. They require users to perceive more and to do more to complete tasks.

Web security and privacy technologies often block people with cognitive and/or physical disabilities who may not be able to:

The scope of the problem is vast because, for examples, people with disabilities:

Many user authentication methods rely upon trying to differentiate between a human, and software (bots) that try to pose as a human. The most common way of trying to make this distinction is by the setting of tasks that rely upon human abilities, and that are almost impossible for software (bots) to perform. These methods can frequently be quite challenging for people who have a high level of cognitive ability. For people who have  a disability or cognitive disability such as dementia, an authentication task often presents an insurmountable barrier.


The benefit of this success criteria is it allows people with cognitive and learning disabilities to use many  important sites. Long changing passwords and  other difficult authentication procedures prevent many people from using critical services. For example,  people cannot make doctors appointments by themselves and often put off making a doctor appointment as not to be a burden to other people.. This may be partly responsible for the reduced life expectancy of people with learning and cognitive disabilities.

With this success criterion, people who are able to use a primary user authentication method will be able to successfully complete a user authentication procedure almost irrespective of the level of their cognitive abilities. Those who have to use an alternative method will be able to successfully complete a user authentication even though they have limited levels of the cognitive abilities specified in the success criterion.


  1. As a user who has memory impairments and often forgets passwords, I need to be able to use a site, without remembering or copying passwords and usernames, so that I can use this service.
  2. As a user who has impairments, I need to be able to use a site without being required to copy items in the correct sequence.
  3. As a user who has weak executive function, I need the login process to be simple, and not multi-step, so that I can use it.
  4. As a symbol user, I need a login process I can use.