Wheelchair ramps, braille, text captions, and large-print books are all examples of accessibility in the real world. We use these as tools to help ensure everyone has equal access to places and resources. But what about the internet and technology? What tools exist in the digital world to ensure everyone has access to digital resources?
One of the opportunities we have through the internet and technology is a better chance at leveling the playing field for everyone and ensuring equal access to digital resources and experiences, especially for those experiencing disabilities.
The Complexity of Accessibility
Developers are already familiar with many of the complexities of identity and access management (IAM), but one often overlooked complexity is around accessibility. How do you ensure that the steps you’re taking to secure your customers and their accounts aren’t introducing unnecessary friction for some groups?
Here, we talk specifically about accessibility as it relates to Customer Identity and Access Management, but many of the same considerations also apply to Identity and Access Management as a whole.
What Are Some of the Things We Should Think about When It Comes to Identity and Accessibility?
When we talk about accessibility, we’re not only talking about physical disabilities like impaired hearing or vision. It’s also important to think about different social groups that could be impacted, such as aging populations or those with reduced access to the internet or technology.
For identity specifically, we need to think about accessibility in a few different contexts:
- Sign-up process
  - A user's journey often starts with the sign-up process.
  - Considering populations that might be accessing with a poor internet connection, we need to ask whether the sign-up flow is lightweight enough to allow optimal functionality. Ensure the sign-up flow is accessible across different devices and that it is formatted correctly – the size of the text should be large enough to read on smaller devices.
  - For users that might not be as familiar with password security, do you guide them through the process to ensure they have a secure password by checking for breached passwords or recommending certain password parameters?
- Sign-in process
  - Many of the same rules apply to the sign-in process as to the sign-up process.
  - Is it easy to know where to log in and what information is needed? Make it easy to find where to log in – don’t hide your login button on a busy webpage. Then, once users get to your login box, make it clear what information the customer needs to provide to log in – whether that’s a phone number, email, username, password, etc.
  - Do you make it easy to recover a forgotten password or perform a self-service password reset? Use clear language and provide step-by-step instructions that help users gain access to their account when they’ve forgotten their credentials.
- Multi-factor authentication
  - Multi-factor authentication is one of the best steps we can take to help users secure their accounts and protect them from account takeover. However, we also need to consider the accessibility of the MFA solution we’re offering.
  - Do you offer multiple factors that can meet people where they are? While SMS might be a preferred factor for some, it could serve as an impediment to others who might be better suited for voice or biometrics as a second factor.
  - Is the MFA enrollment process simple for users that might not be technologically savvy? Does it require the user to switch between multiple devices? Does it require the user to have an internet connection? By offering your users options, you can ensure you’re providing your customers with that extra layer of protection while still maintaining a frictionless experience that’s accessible to all.
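As an added illustration of the sign-up guidance above (example code, not Okta's implementation), the sketch below checks a candidate password against breached-password data using a k-anonymity range lookup and returns plain-language guidance instead of a bare rejection. The `MIN_LENGTH` value, the `SUFFIX:COUNT` response format, the sample data, and all function names are assumptions made for this example.

```python
import hashlib

MIN_LENGTH = 8  # assumed policy value, not taken from the article
# Constructed sample data standing in for a breached-password corpus.
SAMPLE_BREACHED = {"password1": 2400000, "sunshine": 410000}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def sample_range_lookup(prefix: str) -> str:
    """Hypothetical offline stand-in for a range query: 'SUFFIX:COUNT' lines."""
    hashed = ((sha1_hex(pw), n) for pw, n in SAMPLE_BREACHED.items())
    return "\n".join(f"{d[5:]}:{n}" for d, n in hashed if d.startswith(prefix))

def breach_count(password: str, range_lookup=sample_range_lookup) -> int:
    """k-anonymity check: only the first 5 hex characters of the hash are sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0

def signup_feedback(password: str, range_lookup=sample_range_lookup) -> list[str]:
    """Return plain-language guidance; an empty list means the password is accepted."""
    messages = []
    if len(password) < MIN_LENGTH:
        missing = MIN_LENGTH - len(password)
        messages.append(
            f"Add at least {missing} more character(s). "
            "A short phrase you can remember works well."
        )
    try:
        seen = breach_count(password, range_lookup)
    except Exception:
        seen = 0  # assumed design choice: a lookup outage does not block sign-up
    if seen:
        messages.append(
            "This password has appeared in a known data breach, so attackers "
            "may try it. Please choose a different one."
        )
    return messages
```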
What Steps Can You Take to Ensure You’re Securing Users While Maintaining Accessibility?
Accessibility is something that varies from person to person and application to application. There’s no one-size-fits-all solution when it comes to web accessibility. The full scope of accessibility generally relies on many different applications, settings, and devices working together. However, you can do your part to make your customer identity more accessible by:
- Bringing awareness
  - You’ve already taken one of the first steps toward making your customer identity more accessible by simply being aware. Going forward, you can put accessibility at the front of your development process, considering the accessibility implications of different solutions as you’re planning and building your application.
- Reviewing the WCAG guidelines
  - WCAG 2.1 outlines the best practices for digital accessibility. The guidelines also offer tests and techniques you can use to enhance accessibility for your application. Following the guidelines here, you can make your web content more accessible to more audiences.
- Allowing more choice in your login flow
  - While you might think it seems easy enough to verify your identity using an OTP from an authenticator, this could be a huge barrier to someone who isn’t technologically savvy, doesn’t have a mobile device, or is visually impaired. Allowing your users to choose from different MFA factors allows them to choose one that works best for them. Similarly, allowing your users to have the ability to recover a lost password or perform self-service password reset means they don’t have to call a help desk if they forget their password. By providing options to your users, they can choose what works best for them.
- Use social login or passwordless
  - If users have already registered for an account elsewhere, why not allow them to use that account to access your application? Social login is a great place to start and can be as simple as clicking a button. It doesn’t require users to go through a sign-up process or memorize another password. Passwordless login allows users to leverage things like email magic links to log in.
How Does Okta Consider Accessibility When Building Features and Products?
One of the benefits of using an identity solution like Okta is that we provide you with tools to make it easier to deploy accessible solutions to your users. Okta is continuously working to improve the functionality of its products in support of accessibility standards such as Section 508 of the US Rehabilitation Act of 1973 as well as the Web Content Accessibility Guidelines (WCAG). This page provides information about our efforts to provide a more accessible experience to your end-users.
If you want to learn more about our journey to a more accessible login, check out our blog post here.
These materials and any recommendations within are not legal, compliance, or business advice. These materials are intended for general informational purposes only and may not reflect the most current legal and compliance developments nor all relevant issues. You are responsible for obtaining legal, compliance, or business advice from your own lawyer or other professional advisor and should not rely on the recommendations herein. Okta is not liable to you for any loss or damages that may result from your implementation of any recommendations in these materials. Okta makes no representations, warranties, or other assurances regarding the content of these materials. Information regarding Okta's contractual assurances to its customers can be found at okta.com/agreements.