The most common authentication mechanism, the password, requires a user to recall a secret. Users take this memorisation, or cognitive function, test on a daily basis in order to gain access to systems and devices. This mechanism's design has received much scrutiny and there is a common realization that security and usability are key considerations. In this paper, we consider a third, emergent aspect: that of accessibility. Using a qualitative approach, we explore the challenges current password-based approaches pose to people with dyslexia, a relatively common cognitive disability, highlighting several issues. Following draft web accessibility guidelines, we also evaluate alternative authentication mechanisms. We observe a lack of consideration for accessibility in the area of authentication and offer suggestions for future research.