If a platform, app, or website requires account authentication, the user flow must not include a cognitive function test for account authentication or creation. Offering second-device account creation and login offers more security and ease of access for users.
3.3.2-A
Platforms, apps, and websites must not use cognitive function tests like CAPTCHAs for authentication or account creation, as these can create barriers for users with disabilities.
3.3.2-B
Platforms, apps, and websites must not solely rely on username and password authentication. They must provide at least one alternative, accessible authentication method–SMS or email authentication, biometric authentication, second-device app authorization with numeric codes, or local network handshakes.
3.3.2-C
Quick response codes (QR codes), when used for authentication purposes, must represent simple, readable, and understandable URLs. The URL must also be visible on the screen for users who cannot use a QR code. Screen reader and text-to-speech scripts must notify the user of the QR code and speak the URL.
3.3.2-D
Account screens that require the use of codes or links must have repeatable text-to-speech scripts using the pattern described in 3.3.1-D or something similar.