Success Criterion 3.3.7 ensures that there is a good and easy way to log in to websites. Most people use usernames and passwords for logging in, but this can be hard for people with certain mental disabilities.
Below are some items to consider in relation to Accessible Authentication:
Typing in a Password
Even something as simple as typing in a password can cause issues for someone who is not able to retain that much memory at any one time. Hiding characters while you are typing them is a common practice when typing in a password, but it is important to remember that some users may find this difficult particularly when the website requires a minimum number of characters for the password. There may be scenarios where users need to see their passwords such as when they’re registering to the website. Consider allowing your audience to have the option to show or hide their inputted text instead of strictly requiring one behaviour over another.
Password Managers
A website can use a username and password to make sure someone is who they say they are. If the login form meets accessibility standards, then the web browser or 3rd party password manager will be able to reliably recognize the fields and fill them in for you.
Alternatively, if a password manager cannot automatically log most would have a copy and paste option as a way to avoid typing. If you copy your login credentials from a site on your computer, you can then paste them into the username and password fields of the website.
It is short to say that a website login that uses a user name and password should allow either of these options in order to make the process of logging in easier for someone with mental disabilities.
Cognitive Function Tests
Websites today are now increasing security online with more features being added when logging into a website such as cognitive function tests. A cognitive function test is used to measure a person’s ability to remember words, numbers, or images over time. However, these tests are problematic for people with certain disabilities because they can be difficult for them and they might not perform well on the task. A common example of this type of testing would involve asking someone to recall random strings of characters that were displayed earlier in order as proof that they really remembered what was shown on-screen at some point before. This could also include a pattern gesture performed by touching objects located somewhere else entirely (i.e., pushing buttons arranged around an image).
Additionally, if a user is trying to recover their account, they should not have to take another cognitive function test. An alternative authentication method that doesn’t rely on the mind would work better in this case since recovering an email address and password may be difficult for some users who are dealing with disabilities or other issues like memory loss due to old age.
Captcha
CAPTCHA’s are only effective as an authentication tool if they do not include cognitive tests. Cognitive testing would be anything that a website requires the user to remember, such as transcribe or recognize something provided by the site. If it does include a cognitive test then there should be another alternative way provided for users with cognitive disabilities to log in.
An example of Captchas used is to identify specific pictures that contain objects within them. Some objects may have different meanings in different places. For example, taxis can look different in the US than they do in Europe. This can be a problem for people who are not from that country and cannot read the language because they might not know what it is.