Start scanning free

( Understandable / WCAG 3.3.8 )

Accessible authentication requires cognitive function test

This check maps to Accessible Authentication (Minimum). Use the guidance below to confirm the issue, understand who it affects and ship a fix.

Serious Level AA WCAG 3.3.8 — Accessible Authentication (Minimum)

What’s wrong

A login or authentication process requires the user to solve a cognitive function test — such as a CAPTCHA or puzzle — with no accessible alternative available.

Why it matters

New in WCAG 2.2. People with cognitive disabilities, dyslexia, or low vision often cannot reliably solve CAPTCHAs. Blocking authentication behind a test that excludes these users prevents them from accessing the service entirely.

How to fix it

Provide an authentication method that does not require solving a cognitive test, or provide an accessible alternative.

Before
<!-- CAPTCHA as the only option -->
<div class="g-recaptcha" data-sitekey="..."></div>
<button type="submit">Log in</button>
After
<!-- Magic link -->
<label for="email">Email address</label>
<input type="email" id="email" autocomplete="email">
<button type="submit">Send me a login link</button>

<!-- Or passkey -->
<button type="button" id="passkey-login">
  Sign in with passkey
</button>

Passkeys, magic email links, SMS codes, and OAuth all satisfy this criterion.

Learn more