CAPTCHA Codes are not Accessible

June 09, 2005
web

CAPTCHA tests are showing up like crazy these days to validate that users are humans, and not computers. They are used in blog comments, and are getting popular for online registration sites.

I think that most people implementing captcha's these days are overlooking the fact that they are not accessible, and they would fail Section 508 accessibility compliance for a web application.

Nearly 10% of the population is color blind, and even more can't see very well. Some CAPTCHA codes are hard for me to read and I am not color blind, and have 20/20 vision. Just take a look at the CAPTCHA code on slashdot to see what I mean.

By the way CAPTCHA is an acronym for "completely automated public turing test to tell computers and humans apart."



Related Entries

8 people found this page useful, what do you think?

Comments

The color blindness thing regularly gets me. I'd say I have to re-key at least 1 out of every 5 captcha's I try to enter.
You could use a question based captcha such as "Fill in the blank with the missing sequence a _ c d", or provide an answer to a common question "Who's buried in Grants Tomb?____" and so on, but over time AI systems will be able to decipher even these unless you have a very large set of questions. From a section 508 perspective, One method is to provide a phone number to call for an activation code. The alt/title field would contain the challenge code which the user punches into the phone and the person or automated system provides the response to be entered into the text field. If you are using an 800 number, you have the added advantage of being able to guarantee caller id, since the person paying for the phone call (you being the 800 number owner) has a right to know who's calling you.
I just found this site: http://captchas.net/ which offers an audio captcha service.
The reason the why all these CAPTCHA images are obfuscated is to prevent OCR packages from reading them. I wonder if you couldn't just get around this by having Flash dyamic querying the server and display a string to display. This wouldn't address accessibility, but might allow you to display an easier to read string.
Yea, I have come across a fair few CAPTCHAs and I really don't like them. Gmail has some legible ones, but when you view Microsoft's they are horrible. I tend to stay away from them if I can.
This problem being discussed for years, there is even W3C document with proposed alternatives: http://www.w3.org/TR/turingtest/
what about verify by email? better than phone
Verify by email can usually be done by a computer.
new powerful captcha: http://www.cryptographp.com
sure thing captcha is going down.
Thought you guys might like this. GigoIt's HumanAuth is based off the ideas presented by KittenAuth.com. HumanAuth supports ADA and Section 508 requirements, increased security and includes watermarked images with random positioning. HumanAuth ensures that an actual human is using your site without forcing them to read distorted CAPTCHA text. http://www.gigoit.org/humanauth/
Maybe a HTML-CSS captcha is better: You can enlarge the Captcha , so it is good readable. http://www.htmlcaptcha.org
There is smart captcha technology provided by the www.protectwebform.com: http://www.protectwebform.com/smartcaptcha Nice solution to hide the captcha when it is not likely to be a bot.
www.protectwebform.com now also provides a speaker symbol, to listen to a spoken captcha code. This solves the problems mentioned above for visually disabled persons.
I've written an accessible captcha system you might be interested in. it's available under the LGPL at http://system-x.info/?pageid=18&menutree=47
Agree with you, so all CF-developers: use CFFORMPROTECT. It's a really great, simple and efficient tool that catches all spam and also is linked to Akismet. Go get it at Riaforge.
How about using onFocus(), onChange(), or onBlur()? All of them are standard events which are also fired by screen readers, etc. When at least one field has had some text put in it, then either set a hidden field's value to a specific key or dynamically add a hidden field.
If audio is provided along with the image, does that make it Section 508 compatible?
I don't think adding audio makes it section 508 compliant, as there are also hearing disabilities. And from what I hear the audio CAPTCHA's are just as hard to decipher by someone with good hearing.
so what's your point? i went to the slashdot link. my eyes are bad and i read the code with no problem, but i agree i have had difficulty with some.
I just sent this post to a bunch of my friends as I agree with most of what you’re saying here and the way you’ve presented it is awesome.

http://www.the-love-calculator.info
I just sent this post to a bunch of my friends as I agree with most of what you’re saying here and the way you’ve presented it is awesome.

http://www.the-love-calculator.info
There's a time and a place for everything
Awesome Blog. I add this Blog to my bookmarks.

http://hitcreatormusic.com/forum/topics/anti-virus-free-programs
Great Blog. I add this Blog to my bookmarks.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
Thanks For This Post, was added to my bookmarks.
Great Blog. I add this Post to my bookmarks.
Thank You For This Post, was added to my bookmarks.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
Awesome Post. I add this Blog to my bookmarks.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
I’ve been visiting your blog for a while now and I always find a gem in your new posts. Thanks for sharing.
I just sent this post to a bunch of my friends as I agree with most of what you’re saying here and the way you’ve presented it is awesome.
But you can use our coupons code service at http://mixseo.net/coupons.html
??????? ?????? ???????? ? ???????????.
Point made for using capchas I think.

Post a Comment




  



Spell Checker by Foundeo

Recent Entries



foundeo


did you hack my cf?