Email link authentication

Important Information about Techniques

See Understanding Techniques for WCAG Success Criteria for important information about the usage of these informative techniques and how they relate to the normative WCAG 2.2 success criteria. The Applicability section explains the scope of the technique, and the presence of techniques for a specific technology does not imply that the technology can be used in all situations to create content that meets WCAG 2.2.

Applicability

Content implemented in any technology.

This technique relates to Success Criterion 3.3.7: Accessible Authentication (Sufficient).

Description

The objective of this technique is to provide an easy way for users to authenticate without needing a password. This technique involves providing an authentication mechanism where the user can enter their email address, and they are sent an email with a link to click. When the user clicks the link in the email, they are directed back to the website and automatically logged in.

Note

The security of the email link mechanism is not the focus of this technique, but it generally involves sending a time-limited token as part of the email.

Examples

Resources

Resources are for information purposes only, no endorsement implied.

Tests

Procedure

For websites that allow users to log in by emailing a link to the email address associated with the account:

  1. Enter a valid email address (with an account on the website) and use the email-link feature.
  2. Check that the email is received.
  3. Check that selecting the link opens the website.
  4. Check that the user account is logged in.

Expected Results

  • #2, #3 and #4 are true.