CAPTCHAs don't have to be hideous

Written by Jamie Freeman

I read a report that Ticketmaster was ditching its current CAPTCHA in favour of something more 'usable'. Unfortunately for you, the ticket-buying public, the technology they're replacing it with combines banner advertising into the CAPTCHA.

Ah well, not the end of the world; at least the actual CAPTCHA looks easier to complete, even if it does leave you feeling a little dirty and used by The Man.

What is a CAPTCHA again?

It's a (frankly rather loose) acronym that stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It usually means techniques designed to ensure it's an actual human filling your form in, not some bot designed to do whatever it is bots do. Spam, usually.

The big problem with CAPTCHAs is that they employ graphics which contain text (often not real words, but jumbles of characters) which have to be distorted in order to stop them being machine-read by the bots. They're usually so distorted that even humans can barely read them.

A whole set of humans certainly can't read them: the blind or visually-impaired! So CAPTCHAs typically fail on accessibility grounds. To get around this some systems offer an audio alternative. Again, the distortion applied to the sounds is so horrendous that even those without hearing problems stand a good chance of misunderstanding them.

Cognitive CAPTCHA

But it's 2013, why do CAPTCHAs remain so complicated? We came up with a better solution several years ago to stop bots spamming our own contact form. Rather than use distorted graphics or audio we took the simple approach of asking simple questions. For example:

Is fire hot or cold?

We figured that the vast majority of people would know to answer 'hot' to such a question. So, we wrote a bunch of questions which the system delivers in no particular order.

Other people may have come up with the same solution, but at the time we couldn't find anything similar out there.

This cognitive approach does of course fall short if the user doesn't understand the question. Is fire hot? Some people don't know, but on balance those people are likely to be even more baffled by 'traditional' CAPTCHAs.

No system is completely foolproof. But ours has been running on a number of sites for quite a few years and is pretty successful at its job. Larger pools of questions make it stronger, and we add new questions every now and then.

And it does this while remaining completely accessible. Something I'm not sure any other CAPTCHA I've seen can claim.

Comments

  • David Connelly -

    Here is an even better solution which allows you to dispense with irritating captchas completely:

    http://davidconnelly.com/node/6

    You're welcome.

    -DC

  • Jamie Freeman -

    Hi David. Yes, the 'honey pot' method is interesting, but it's not accessible. It relies on hiding the form fields from view. But what if you have no 'view' to start with? Blind users will have the fields announced by their screen reader and will quite reasonably fill them in - and the honey pot script will penalise them, assuming they're actually a spambot.

  • Doug McDonald -

    Nice idea, as a side point I once wrote a similar 'captcha' type system but made the mistake of offering either a select list of options….don't do that….it got brute forced many many times! :*(

Any questions? Please get in touch…

We'd love to talk to you about your web project, e-commerce, EPOS system or bespoke web application.

Message Digital Design Ltd

+44 (0)1273 772247

© Message Digital Design Ltd. 2017