Digital Accessibility Index: Learn where the world’s leading brands fall short on accessibility.

See Report

How Information Security and Digital Accessibility Can Coexist

Jun 10, 2024

If you’re collecting personally identifiable information from your users, you have a responsibility to limit potential risks. 

Generally, that means establishing policies and controls that prevent unauthorized access. The problem: When you limit unauthorized access, you risk making your website less accessible for legitimate users.

That’s true regardless of the complexity of your controls. For example, if you add a password field, you’ll make your website less usable for people who have trouble remembering passwords. If you require two-factor authentication, your users will need to spend more time navigating the process before taking the next step.

In most cases, the added security is worth the potential tradeoff. However, you want to avoid major accessibility barriers wherever possible — especially barriers that might completely prevent people with disabilities from engaging with your content.

Many website security controls have an outsized impact on users with disabilities

Before collecting information from users, you’ll need to engage in two separate but related processes: authentication, which verifies the identity of the user; and authorization, which determines the permissions of the user.Accessibility issues usually occur when authentication processes are not designed for users with different types of abilities. For example:

  • A website uses a CAPTCHA field to determine whether the user is human. Traditional CAPTCHAs aren’t readable with screen readers (software that converts text to audio or braille), so they may lock out users with vision disabilities. 
  • A website requires users to remember a password. For security, the password field doesn’t allow copy/paste functionality, which prevents people with memory disabilities from using password managers and similar technologies.
  • A website’s login process must be completed within a specific timeframe. Users with mobility disabilities may not be able to finish the process before the timeout occurs.

None of these authentication issues will actually make your website more secure. Visual CAPTCHAs are frustrating for all users, and they’re not particularly effective for eliminating bot traffic. Disabling copy/paste functionality prevents an extremely small number of potential attacks. Time limits can be important, but there’s no reason that you can’t warn the user when a timeout is approaching.

Ultimately, your website’s security controls are there for the user, so if you’re creating barriers for users, that’s a problem. Sacrificing accessibility won’t necessarily improve security; in fact, cybersecurity requires accessibility to be effective.

Related: How Accessibility in the Web Development Process Saves Time

Avoid common mistakes when implementing security features

All of the above issues are addressed within the Web Content Accessibility Guidelines (WCAG), the international standards for digital accessibility. Unfortunately, developers often ignore WCAG when planning their security controls — and if you’ve already built a login process that ignores accessibility, implementing accessibility after-the-fact can be expensive and impractical. 

Here are some basic tips for building a secure website that works for people with different types of abilities: 

Remember, accessibility isn’t optional. A poor authentication experience is more than a user experience issue: It’s a potential violation of the Americans with Disabilities Act (ADA) and other non-discrimination laws. Following WCAG will improve compliance and guide you towards decisions that benefit all users — without making your security measures any less effective.

For guidance with a specific accessibility issue, send us a message to connect with an expert. To compare your website against WCAG’s Level AA accessibility standards, get started with a free automated analysis. 

Use our free Website Accessibility Checker to scan your site for ADA and WCAG compliance.

Powered By

Recent posts

Accessibility Tips: Don’t Use Subheadings Because of How They Look

Sep 5, 2024

Writing Alt Text for Hyperlinked Images

Sep 4, 2024

Why No ARIA Is Better Than Bad ARIA

Aug 28, 2024

Not sure where to start?

Start with a free analysis of your website's accessibility.

GET STARTED