When a website needs its visitors to prove they’re human, what is the most common technique developers use? If you’ve used the internet, you already know the answer. It’s CAPTCHA.
Ever wondered what all those letters stand for? Completely Automated Public Turing test to tell Computers and Humans Apart. Now you can win Jeopardy if that question is ever asked.
CAPTCHA is generally easy for people with normal eyesight to complete, but it presents a lot of problems for people like me with vision impairments. We need an alternative that isn’t just visual.
For example, I wanted to contribute to the accessibility pages on Wikipedia recently and decided to make an account. I thought the process would be easy to register and start making edits, but I was quickly proved wrong. It requires solving a CAPTCHA.
I thought there might be an alternative method to complete my registration, but the whole exercise to find an alternative on Wikipedia frustrated me. In fact, I never found an alternative that day that used audio or a one-time confirmation code sent to a mobile device.
This is what it’s like to be a visually impaired person who uses the internet. Even the world’s most popular sites aren’t completely accessible.
CAPTCHA technology has evolved through the years, but there are a lot of small things that have not changed. I eventually learned that Wikipedia offers an alternative method that requires Requesting an account.
I believe we can make the process more robust
This problem is not something that should be blamed entirely on Wikipedia. The real problem is that we’re fighting spam with CAPTCHA systems that are outdated and inaccessible. In this instance, the CAPTCHA was image-only and its refresh button is not keyboard accessible. It also doesn’t offer any alternatives for users to bypass it.
People with all types of disabilities struggle with CAPTCHA systems, but the groups most affected are the low-vision and blind users. This is the specific reason CAPTCHA is included as part of non-text content in WCAG guidelines. But even then, a downside of providing visual and audio CAPTCHA options is that users who are deaf and blind cannot access either one.
Now that you know the problems CAPTCHA presents for people with disabilities, let’s look at some alternatives to only using visual and audio CAPTCHA variations:
Emails and Text Messages
One of the most efficient ways to verify a user is to provide a verification code. Since these security codes are sent by email and placed between words in a sentence, it is difficult for a bot to identify and complete the transaction.
Text messages, also known as one time passwords (OTP) for phones, are the most secure way to verify if someone is human. A user who is filling out a form or seeking the information cannot finish a transaction with a fake phone number or other people’s phone numbers.
Many platforms have adopted 2-factor authentication (2FA), which sends text messages to mobile devices. These platforms also logout users from all of their devices when they suspect a security breach has happened or multiple failed login attempts have been made.
The Honeypot Method
A honeypot is a system that tricks bots into making submissions using an invisible form. When this technique is used, the text field is removed from the DOM for keyboard users. When bots submit the form by filling the honeypot, the transaction fails. A lot of spam form submissions can be avoided with this technique.
Logical or Mathematical Tests
These tests present users with a simple question that needs to be answered, such as “Is fire hot or cold?” Many times, like in this example, the answer is provided either within the question or on a separate line.
The only drawback to using this method relates to cognitive overload. Some users with cognitive disabilities can have a difficult time understanding how to respond. Anyone using this method should remember to keep the answers to their questions simple. Otherwise, even humans won’t be able to understand them.
Phone Call Verification
Some platforms only provide a security verification code through an automated phone call. While this is secure, it presents a problem for users who are deaf.
One of the most popular CAPTCHA systems is Google’s reCAPTCHA. It only has a box to check and asks if you are human. Nothing else is required.
More than all the others, this has been more accessible for me than the other systems. As long as Google recognizes you, then it allows you through the system.
The biggest problem I see with this type of CAPTCHA is that it often labels screen reader behavior as a bot. This type of verification can also time out before a person finishes the task to check the box, which leads to a transaction failure.
Some screen reader users have also had issues with sites that use this where a message is read out as “this site is protected by reCAPTCHA” in the footer section of the page. However, on the front end, there is no checkbox or any kind of challenge for the user to complete.
One of the most interesting CAPTCHA solutions I’ve come across is hCaptcha, which requires a user to sign-up with the solution provider. Then, whenever they come across an hCAPTCHA, they pass automatically. I believe a cookie is inserted into the user’s device to identify them as a human. You can learn more about this solution on the hCAPTCHA website.
How You Can Help Solve The CAPTCHA Problem
If you are fighting spam using any of the CAPTCHA systems or methods I’ve mentioned here, please remember there is a large group of internet users who cannot access most of the legacy methods still in the market.
Also keep in mind that people can have more than one disability when you consider verification systems. It’s always better to offer multiple options that work for multiple types of disabilities than just one or two. It will significantly help people with disabilities, and it should also result in more conversions and recurring customers on your website.