Rule: Accessible Authorization (Minimum)

Rule ID	Authorization 1
Conformance	Required
Definition	A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of four ways of completing the test.
Purpose	People with cognitive issues relating to memory, reading (for example, dyslexia), numbers (for example, dyscalculia), or perception-processing limitations will be able to authenticate irrespective of the level of their cognitive abilities.
Conformance	Required
WCAG Success Criteria	Success Criterion 3.3.8 Accessible Authentication (Minimum) Other Related Success Criterion:
Rule Category	Forms
Rule Scope	Page
Techniques	Email link authentication Providing properly marked up email and password inputs Providing WebAuthn as an alternative to username/password Providing a 3rd party login using OAuth Using two techniques to provide 2 factor authentication
Information Links	W3C WCAG: Understanding Accessible Authentication (Minimum) G218: Email link authentication H100: Providing properly marked up email and password inputs F109: Failure of Success Criterion 3.3.8 and 3.3.9 due to preventing password or code re-entry in the same format OAuth 2.0 Specficiation