Captcha Alternatives and thoughts
Status: This is an old page that is not currently being updated. More recent information is available in:
Inaccessibility of CAPTCHA - Alternatives to Visual Turing Tests on the Web
CAPTCHA
A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is a feature/tool to ensure that user input has not been generated by a computer. The problem with CAPTCHAs is that they are not accessible to all types of users, which means that some users will not be able to complete the form on the website. For example, an image-based CAPTCHA can be very difficult or impossible to complete for users who are blind or have low vision. The table below summarizes the advantages and disadvantages for specific types of CAPTCHA.
CAPTCHA Type | Description | Advantages | Disadvantages |
---|---|---|---|
No CAPTCHA ReCaptcha Reboot | In December 2014 Google replaced reCAPTCHA (distorted image-text or distorted audio) with No CAPTCHA/ReCaptcha Reboot (a simple tickbox for "I am not a robot"). Check Google's Announcement. Demos for testing include: Patrick Lauke's test page and Alastair Campbell's test page. Adrian Roselli provides a summary of testing completed in December 2014. | Keyboard accessible, has appropriate ARIA attributes, doesn't fail keyboard only, works in Dragon. Consult Derek Featherstone's review for more information. | Patrick Lauke's "Funky" test results: Win8.1, JAWS16, IE11; Win8.1, NVDA, Firefox and IE11; Win8.1, JAWS16, Firefox. Marco Zehe's post: Warum die Zugänglichkeit von Googles neuer RECAPTCHA-Version kompletter Bullshit ist (Why the accessibility of Google's new reCAPTCHA version is complete bullshit) |
reCAPTCHA | One of the most popular CAPTCHAs currently used (ReCaptcha). It uses scanned text that optical character recognition (OCR) technology will fail to interpret. An audio CAPTCHA is provided with the visual CAPTCHA. | Offers users who are visually impaired an audio alternative | The audio alternative is difficult to interpret. This poses a barrier for users with visual impairment as well as dyslexia and other cognitive impairments. Takes a long time to complete and has low usability. Not all users will recognize the English-language words used in the visual as well as in the audio versions. David adds: It's not keyboard accessible. http://www.jimthatcher.com/captchas.htm In spring of 2014 I checked this and it was not fixed. Aurelien adds: it can easily be customized to enable keyboard navigation, see https://developers.google.com/recaptcha/docs/customization |
CAPTCHA Bot | Lanapsoft BotDetect CAPTCHA. Similar to reCAPTCHA in that it provides both audio and visual CAPTCHA. | Offers users who are visually impaired a usable audio alternative. Easier for low vision users to see. Shows a set of letters as opposed to English words. | May still be difficult to interpret by some users. May be harder to remember letters without context. Requires customization to move focus to the text entry box. Error messages from the CAPTCHA require customization. |
Text CAPTCHA Logic Questions | A generated textual CAPTCHA based on simple logic questions, designed for the intelligence of a seven-year-old child. | More accessible than text and image recognition | May take users time to read and understand. Can be broken by computers. The logical questions are language specific, mainly in English. |
Image Recognition CAPTCHA | Identify an object in an image | No legibility issues. Doesn't need a specific language. | Not accessible to users who are visually impaired or have visual agnosia. Does not improve usability. Adding an alternative text will make the CAPTCHA breakable. |
Friends Recognition | Based on social recognition. Users will be presented with pictures of their friends and will be asked to name the person in the photo - Social Authentication. | Filters human hackers rather than machines | People do not always remember names of distant friends or friends of their friends. Will it be accessible to users who are visually impaired, have visual agnosia or memory difficulties? |
User Interaction | Users are asked to perform a task while interacting with an application like sliding a cursor to the end of a line to submit a form | The tasks are impossible for virtual intelligence | Inaccessible to people with disabilities. May be breakable by a script. |
CAPTCHA 2010 by Solve Media | Replaces text with an advertisement and a related question, a move that many saw as too invasive. | Solve Media claims its CAPTCHAs can be solved more quickly than others. Given that many global brands transcend a single language, there is potential here for marginal improvement. | Inaccessible to people with disabilities |
Alternative methods to perform human verification and establish identity
Most of the solutions mentioned above do not meet all of the requirements for an accessible and usable CAPTCHA. Some alternative solutions for preventing spam are possible and available. Here are some of those solutions:
CAPTCHA Alternative Type | Description | Advantages | Disadvantages |
---|---|---|---|
Automated and manual spam detection services | Examples Akismet, SBlam! | To be completed | To be completed |
Honeypot | Another method to detect automated submissions. The idea behind the honeypot method is as follows: website forms include a hidden field (hidden by positioning the field off screen). Since spam robots cannot detect that a field in the HTML is hidden, they fill it in like any other field; when data is inserted into this “honeypot” field, the website administrator knows that the data was not entered by a "real" user. The honeypot method can be made more sophisticated by using JavaScript and data hashing. All abusive requests that are detected should be banned and the associated IP should be stored in a database for future detection. https://www.dexmedia.com/blog/honeypot-technique/ | If there is proper labeling it can warn screen reader users not to fill it out | If there is no warning using aria-label etc., then it could trap a screen reader user who fills it out not knowing it is a trap. It is likely that spam bots could figure out any warning text for screen reader users. |
Temporary tokens | Assign a temporary token to users at the start of their sessions. The token will be associated with the submitted form. When the session is terminated, the token expires. | To be completed | To be completed |
Multi-factor authentication | Mobile confirmation: some B2C websites ask users to enter their mobile number when they pay money or make a deal (usually the mobile number is also needed for confirmation at initial registration). The system sends a text message with a code to the user's mobile device, and the user enters that code on the website, confirming that he/she really is the user and also a human. (Other kinds of Multi-factor Authentication to be added here) | If people who are blind have a mobile with TTS, which most do, they are able to use this kind of CAPTCHA; it is accessible for people with disabilities. | Requires mobile device and mobile signal |
Sweet Captcha and PlayThru | Matching categories by dragging and dropping. http://sweetcaptcha.com/ http://areyouahuman.com/how https://www.youtube.com/watch?v=LjB86MPHduk | From their website: "sweetCaptcha is a fresh, friendly, action-based CAPTCHA service that’s easy for you to add to your website and less frustrating for users to solve than difficult-to-decipher text-based CAPTCHAs" | Not keyboard accessible, which is a non-starter for WCAG conformance; not serious enough or secure enough for serious ventures. It would need work to make it accessible: keyboard functionality, alt text for the images. Would that invalidate it because it would be easier for bots? |
Biometric security | Fingerprint, eye scan, face scan, etc. | More and more of this is popping up. How it works is fairly self-evident. | Exposure to theft of your bioprint. This is a scary type of identity theft, since a bioprint can't be changed like a credit card number. Also, what if the user doesn't have the necessary physical characteristic, e.g., a veteran who has no hands for fingerprints, or a person with no eyes? |
NuCaptcha | Tracks your behaviour on the site, lets those that act like humans go through. http://www.nucaptcha.com/demo | Interesting idea | What if you are a human who doesn't behave like other human beings? Users of AT often approach a site differently from other users. |
Confident Captcha | Shows you several images; find the image of a beverage, money, outer space, etc. | | Need to see the image. Not good for those who are blind. Can't pass WCAG. |
No Captcha | Simplifies reCaptcha | | Doesn't look accessible to those who are blind or who have problems associating categories of things. Relies on seeing images. |
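
A server-side check combining the honeypot and temporary-token rows of the table above, as an added example rather than code from this page or any product it lists. The field names `website` and `form_token`, the 30-minute age limit and the in-memory session store are assumptions; the rendered honeypot field still needs a label telling people to leave it empty, as the table notes.

```python
import hmac
import secrets
import time

HONEYPOT_FIELD = "website"   # assumed name of the off-screen honeypot field
TOKEN_FIELD = "form_token"   # assumed name of the hidden token field
MAX_TOKEN_AGE = 30 * 60      # assumed upper bound on token lifetime, in seconds

_sessions = {}               # session_id -> (token, issued_at); in-memory stand-in


def start_session(now=None):
    """Create a session and the temporary token to embed in its forms."""
    session_id = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    _sessions[session_id] = (token, time.time() if now is None else now)
    return session_id, token


def end_session(session_id):
    """Terminating the session expires its token."""
    _sessions.pop(session_id, None)


def check_submission(session_id, form, now=None):
    """Return (accepted, reason) for one submitted form (a dict of fields)."""
    now = time.time() if now is None else now
    # Honeypot: a person never sees this field, so any value marks automation.
    if str(form.get(HONEYPOT_FIELD, "")).strip():
        return False, "honeypot filled"
    record = _sessions.get(session_id)
    if record is None:
        return False, "no active session"
    token, issued_at = record
    # Compare as bytes: constant-time, and safe for non-ASCII submitted values.
    submitted = str(form.get(TOKEN_FIELD, "")).encode()
    if not hmac.compare_digest(token.encode(), submitted):
        return False, "token mismatch"
    if now - issued_at > MAX_TOKEN_AGE:
        end_session(session_id)
        return False, "token expired"
    return True, "ok"
```

Rejections are returned with a reason so they can be logged and fed into the IP tracking the honeypot row describes.
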
See also
- "In search of the perfect Captcha"
- 10 Things to Check Before Using a CAPTCHA
- Protocols and Formats group discussion of Captcha
- 2005 W3C paper
- SoundsRight CAPTCHA - Jonathan Lazar et al., 2012
- Towson granted patent for SoundsRight CAPTCHA technology
- Credential Management Level 1
- How Bad are They Really for User Experience? - Sabrina Mach.
- 9 Captcha alternatives that won't wreck your UX
- (DRAFT) PF APA Charter has "Inaccessibility of CAPTCHA (Note)" as a deliverable.
- Avoid CAPTCHA where possible - EOWG
- Accessibility of CAPTCHA - Gez Lemon (2006 article examines social networking as a possible solution)
Page created by David MacDonald and Kathy Wahlbin. Updates and additions by Laura Carlson and Michael Cooper.