Synonyme: Sign in, sign out, login, logout

See also: Changes of context, time limits, password input field

The authentication encompasses the processes of signing in and out of an application or within an application. Logging in may be required to be able to use an application or certain parts of the application.

Note: Requirements regarding the authentication control elements (such as input fields, password input fields and buttons) are described for the respective element.

Presentation and operation

Permalink "Presentation and operation"
No.PropertyDescriptionClassificationReference
48CaptchaIf a Captcha is used during the authentication, appropriate Captchas with at least two different sensory systems must be offered for different disabilities.

Note 1: For hearing-impaired people, a visual Captcha can be offered, and for blind people, an audio Captcha can be offered.

Note 2: The use of Captchas which require users to solve a task should be avoided as far as possible.

Note 3: If a Captcha cannot be dispensed with, a non-sensory Captcha (such as one with a general knowledge question or a math task) should also be offered.

MustEN 301 549:
9.1.1.1, 11.1.1.1
49LogoutIf an automatic logout takes place in the application after a certain time, it must be possible for this time limit
  • to be disabled in advance, or
  • to be adjusted in advance (extendible to at least 10-times the time); or
  • to be extendible to at least 10 times the time with a simple action at least 20 seconds before expiry.
Note: This does not apply to an automatic logout which takes place after at least 20 hours.
MustEN 301 549:
9.2.2.1, 11.2.2.1
50LogoutNo automatic logout should take place in the application.ShouldWCAG 2.1: 2.2.3 (AAA)
51LogoutIf an automatic logout takes place, it should be possible to continue working without a loss of data after logging in again.ShouldWCAG 2.1: 2.2.5 (AAA)
52LogoutUsers should be informed in advance of the time at which an automatic logout takes place if the logout can lead to a loss of data.

Note: This does not apply to a logout after more than 20 hours.

ShouldWCAG 2.1: 2.2.6 (AAA)
53LoginIf a certain form of biometric data is required for the login (e.g. fingerprint, facial recognition), an alternative login method must be made available.

Note: The alternative login method may also be based on biometric data provided that a different form of biometric data is used for this.

MustEN 301 549:
5.3
54LoginIf the login takes place with the movement of the device or the user, an alternative login method must be provided.

Note: The movement of the device or the user may be necessary to enter biometric data (e.g. fingerprint, facial recognition), for example.

MustEN 301 549:
9.2.5.4, 11.2.5.4
55LoginIf it is necessary to enter information (such as a user name and password) when logging in, a variant must be available for which users do not have to remember this information.

Note: The application can save the login data and/or enable the addition of the information from the clipboard or using a password manager.

ShouldWCAG 2.2: 3.3.7 (A)
No.PropertyDescriptionClassificationReference
56StatusIf the technology used is able identify the input purpose of form fields, the purpose of the form fields must be marked for the data of the respective users (such as the name, email address, password) according to Input Purposes for User Interface Components - Web Content Accessibility Guidelines (WCAG) 2.1 (w3.org) (External Link)

Note: This does not mean the role (e.g. “input field”) or the specific label (e.g. “user name”), but a defined input purpose (e.g. “first name”, “user name”, “new password” or “current password”).

MustEN 301 549: 9.1.3.5, 11.1.3.5.1

Information about this article

You are welcome to send feedback by email about our handout!