Synonyms: Sign in, sign out, login, logout
See also: Changes of context, time limits, password input field
Authentication encompasses the processes of signing in to and out of an application, or signing in and out within an application. Logging in may be required in order to use an application or certain parts of it.
Note: Requirements regarding the authentication control elements (such as input fields, password input fields and buttons) are described for the respective element.
Presentation and operation
| No. | Property | Description | Classification | Reference |
|---|---|---|---|---|
| 48 | Captcha | If a Captcha is used during the authentication, appropriate Captchas with at least two different sensory systems must be offered for different disabilities. Note 1: For hearing-impaired people, a visual Captcha can be offered, and for blind people, an audio Captcha can be offered. Note 2: The use of Captchas which require users to solve a task should be avoided as far as possible. Note 3: If a Captcha cannot be dispensed with, a non-sensory Captcha (such as one with a general knowledge question or a math task) should also be offered. | Must | EN 301 549: 9.1.1.1, 11.1.1.1 | 
| 49 | Logout | If an automatic logout takes place in the application after a certain time, it must be possible for this time limit | Must | EN 301 549: 9.2.2.1, 11.2.2.1 |
| 50 | Logout | No automatic logout should take place in the application. | Should | WCAG 2.1: 2.2.3 (AAA) | 
| 51 | Logout | If an automatic logout takes place, it should be possible to continue working without a loss of data after logging in again. | Should | WCAG 2.1: 2.2.5 (AAA) | 
| 52 | Logout | Users should be informed in advance of the time at which an automatic logout takes place if the logout can lead to a loss of data. Note: This does not apply to a logout after more than 20 hours. | Should | WCAG 2.1: 2.2.6 (AAA) | 
| 53 | Login | If a certain form of biometric data is required for the login (e.g. fingerprint, facial recognition), an alternative login method must be made available. Note: The alternative login method may also be based on biometric data provided that a different form of biometric data is used for this. | Must | EN 301 549: 5.3 | 
| 54 | Login | If the login takes place with the movement of the device or the user, an alternative login method must be provided. Note: The movement of the device or the user may be necessary to enter biometric data (e.g. fingerprint, facial recognition), for example. | Must | EN 301 549: 9.2.5.4, 11.2.5.4 | 
| 55 | Login | If it is necessary to enter information (such as a user name and password) when logging in, a variant must be available for which users do not have to remember this information. Note: The application can save the login data and/or enable the addition of the information from the clipboard or using a password manager. | Should | WCAG 2.2: 3.3.7 (A) | 
Programming/interfaces
| No. | Property | Description | Classification | Reference |
|---|---|---|---|---|
| 56 | Status | If the technology used is able to identify the input purpose of form fields, the purpose of the form fields must be marked for the data of the respective users (such as the name, email address, password) according to Input Purposes for User Interface Components - Web Content Accessibility Guidelines (WCAG) 2.1 (w3.org). Note: This does not mean the role (e.g. “input field”) or the specific label (e.g. “user name”), but a defined input purpose (e.g. “first name”, “user name”, “new password” or “current password”). | Must | EN 301 549: 9.1.3.5, 11.1.3.5.1 |
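
A static check for rows 55 and 56, as an added example that is not part of the original handout: it parses a sign-in form and flags fields that lack an input-purpose token in `autocomplete`, fields that set `autocomplete="off"`, and inline `onpaste` handlers that reject pasting. The sample markup is constructed, and the token sets are an assumed subset of the WCAG input purposes chosen for sign-in forms.

```python
from html.parser import HTMLParser

# Assumed subset of the WCAG 2.1 input purposes that occur on sign-in forms.
IDENTIFIER_PURPOSES = {"username", "email"}
PASSWORD_PURPOSES = {"current-password", "new-password"}

# Constructed sample markup: one form that fails the checks, one that passes.
SAMPLE_BAD = """<form>
<input type="text" name="user">
<input type="password" name="pass" autocomplete="off" onpaste="return false">
</form>"""
SAMPLE_GOOD = """<form>
<input type="text" name="user" autocomplete="username">
<input type="password" name="pass" autocomplete="current-password">
</form>"""


class LoginFormAudit(HTMLParser):
    """Collects (field, row number, message) findings for <input> elements."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        kind = a.get("type", "text").lower()
        if kind not in ("text", "email", "password"):
            return  # buttons, checkboxes etc. carry no user data to mark
        name = a.get("name") or a.get("id") or "?"
        tokens = set(a.get("autocomplete", "").lower().split())
        allowed = PASSWORD_PURPOSES if kind == "password" else IDENTIFIER_PURPOSES
        if not tokens & allowed:
            self.findings.append((name, "56", "no input-purpose token in autocomplete"))
        if "off" in tokens:
            self.findings.append((name, "55", "autocomplete=off asks browsers not to fill the field"))
        handler = a.get("onpaste", "").lower()
        if "return false" in handler or "preventdefault" in handler:
            self.findings.append((name, "55", "inline onpaste handler rejects pasted input"))


def audit(html):
    """Return the list of findings for one HTML fragment."""
    parser = LoginFormAudit()
    parser.feed(html)
    return parser.findings
```

The paste check only sees inline handlers; listeners attached from script need a review of the page's JavaScript.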
