Barriers of Phone-Based Authentication
Bobby Bailey
Vibe Check – The Accessibility Barriers of Phone-Based Authentication
Multi-factor authentication (MFA) is a common security measure, requiring people to confirm their identity using a second device—often a phone. While this adds an extra layer of security, it can create significant accessibility barriers for people using screen readers and voice technology, particularly those with mobility disabilities or those who cannot easily switch devices.
Forcing authentication through a separate device assumes that every person has equal access to a second device and the physical ability to retrieve and use it. Let’s break down why this can be a major barrier and how to make authentication more accessible.
A Personal Story – When MFA Became an Obstacle
A while back, I was helping a friend set up an online account that required phone-based authentication. My friend, who relies on a screen reader and voice commands due to limited mobility, found the process incredibly frustrating.
Every time they switched from their computer to their phone to retrieve the authentication code, their screen reader lost focus. By the time they navigated back to the login page, their session had expired, forcing them to start over. What should have been a quick, secure login turned into an exhausting loop of failed attempts.
That experience reinforced something important—authentication needs to be secure, but it also needs to be accessible. Let’s look at why phone-based authentication creates barriers and how we can fix it.
Elevate the Vibe – Why Phone-Based Authentication Creates Accessibility Challenges
Screen Reader Users Lose Context When Switching Devices
Screen reader users rely on sequential navigation to interact with websites. Switching between a computer and a phone for authentication causes:
- Loss of page focus – When returning to the website, the person may have to restart their navigation, scrolling through content to find the login field again.
- Session timeouts – Some authentication pages expire too quickly, forcing users to repeat the entire login process.
- Disruptive navigation flow – Moving away from a screen reader’s structured navigation interrupts the login process, making it more complex than necessary.
Voice Technology Users May Not Have Access to a Second Device
Many people using voice commands for navigation have limited mobility or paralysis, meaning they cannot simply pick up a second device to retrieve a verification code.
- If the authentication process requires checking a text message, they may need to ask someone else for help, removing independence from the login experience.
- If the person doesn’t have access to voice commands on their phone, switching devices may require manual assistance, which isn’t always available.
Forcing people to rely on multiple physical devices creates unnecessary accessibility barriers, especially when alternative authentication methods exist.
Delays & Increased Cognitive Load
The process of retrieving a verification code can increase cognitive load and cause frustration for people with disabilities:
- Memory strain – People must remember a randomly generated code while switching devices and returning to the login page.
- Speed-based timeouts – People who navigate more slowly may not enter the code in time before it expires.
- Inconsistent input methods – If a voice user retrieves the code on their phone, they may struggle to enter it on their computer without manual assistance.
Instead of assuming device-switching is seamless, designers should ensure authentication methods are inclusive and flexible.
Self-Reflection – Is Your Authentication Process Accessible?
Ask yourself:
- Does my authentication method require switching to a second device?
- Are there alternative ways to verify identity without needing a phone?
- Have I tested the login process with screen readers and voice technology?
- Do timeouts allow enough flexibility for people with mobility or cognitive disabilities?
If any of these raise concerns, it’s time to make authentication more accessible.
Vibe in Action – Making Authentication More Accessible
Offer Alternative Authentication Methods
- Use email-based authentication instead of requiring phone verification.
- Allow device-based prompts so people can approve logins on the same device they are using.
Extend Session Timeouts for Code Entry
- Increase the expiration window so people with disabilities have enough time to enter their verification code.
- Provide a “Resend Code” option that does not force users to restart the entire login process.
Provide Copy-Paste or Autofill Support
- Allow automatic code detection so users don’t have to manually enter a code.
- Enable paste functionality so people can easily transfer codes from a text message or email.
Use Biometric or Passwordless Authentication
- Fingerprint or facial recognition can remove the need for a second device.
- Passkeys (device-based authentication) allow users to verify on the same screen, reducing accessibility barriers.
Vibing Out
Phone-based authentication assumes that everyone can quickly switch devices, but for people using screen readers, voice technology, or those with mobility limitations, this can create frustrating and unnecessary barriers.
Instead of relying solely on text message verification, authentication should be flexible, inclusive, and adaptable to different accessibility needs. By designing multiple authentication options, extending time limits, and reducing device-switching, we can ensure security without compromising accessibility.
True accessibility means independence—and that includes the right to log in securely, without needing assistance.