The issues with CAPTCHA

Back in 2009, we published a post called "New Logical Captcha Plugins for WordPress". One of those plugins is no longer available. Since 2009 there have been many articles and discussions about using CAPTCHA and new plugins developed for preventing spam. Those maintaining websites need to prevent damage to their sites due to unwanted spam, yet these prevention methods often keep out legitimate site visitors, too.

We collected a list of a few articles and discussions about the issues with CAPTCHA. If you have slapped a CAPTCHA solution onto your site without considering what problems you might be causing legitimate visitors, you really need to take some time to read and learn from these articles. Note that many of them include even more links about the challenges. Kudos to the people working to resolve this long-standing problem with security solutions blocking legitimate visitors. There is still lots of work to do, so please consider sharing your knowledge or experience in the comments.

Articles and Discussions

Plugins

Here is a list of some plugins that claim to be accessible or user-friendly. Based on some of the discussions in the previous list, none of them are perfect solutions. Some claim to avoid issues for one disability, yet they still have issues for other disabilities. For example, do the logic-based tests consider issues with cognitive or learning disabilities? Let us know what you are using these days and why. [Someone once suggested an accessible slider as part of a CAPTCHA solution, but we couldn’t find that link. Please share it in the comments if you know what happened to that project.]

How inclusive is CAPTCHA?

Filtering visitors, or unwanted visitors, is a challenge to those who maintain websites. Unwanted visitors refers to those who want to post material unsuitable for children, grandparents – or even yourself! (I'm talking about spammers and their ilk.)

Unfortunately, one of the popular methods of filtering creates a barrier for other legitimate visitors. This method is called CAPTCHA and is a barrier to those using screen readers. CAPTCHA is an image of a distorted word, whose letters you must type into a field to identify yourself to the system. If you cannot see, how do you use an image to identify yourself as a real person who wants access to a certain system? Perhaps it is time to revisit the topic of CAPTCHA?

The American Foundation for the Blind (AFB) issued a press release in 2006 with a YouTube video that demonstrates the problem that screen readers can’t read images and can’t read text in CAPTCHAs with a result that CAPTCHAs on Social Networking Sites Shut Out Blind Users. This particular article was about the exclusion of blind users on the social networking sites MySpace, Facebook, and Friendster. The video offers a visual demonstration of the barrier presented by CAPTCHA. Half a year later, Facebook came up with a screen-reader friendly version of their gift shop.

In January 2008, a blog entry on the AFB site praised Facebook for improving the site's accessibility: Thanks Facebook! One blind user explains what it means to have access to Facebook even though she cannot see pictures. A recent entry from AFB about Facebook and accessibility has a link to the pages inside Facebook that explain their accessibility policy. Kudos to AFB intern, Michelle Hackman, for working persistently with Facebook to make that social networking site more inclusive! If developers of Web applications had technical communicators who were accessibility-savvy on their project from Day 1, people like Michelle can use their energy elsewhere!  Updated

With the issues presented by CAPTCHA, how much longer will it be used?

An August 28, 2008 article in The Guardian from the UK argues that CAPTCHA is broken. The "bad guys" that CAPTCHA was designed to block have already broken down the barrier, and unfortunately, it is not to be nice to visitors with screen readers.

What alternatives are there?

Some use a question and answer system designed by Mike Cherim.

reCAPTCHA is an interesting alternative, but not the perfect alternative. It claims to be accessible to blind users, but discussions at Joe Dolson's Accessible Web Design website "A useful CAPTCHA from reCAPTCHA", Blind Access Journal's request "Visual Verification: Please Help Test ReCAPTCHA Audio Playback", and Twitter's blog post "New: Accessible Captcha with Recaptcha" reveal flaws, such as lack of proper keyboard access. An interesting aside about reCAPTCHA is that it is being used to assist with a digitalization project of book texts. This is a worthy and ambitious project.

Are the flaws in reCAPTCHA still there? Are there other inclusive filters in place or on the drawing board somewhere? Share your experiences in the comments.