CAPTCHA is still the most problematic issue on the web

Even with the improved CAPTCHA user experience of the last couple of years, we still stumble upon CAPTCHA challenges that range from difficult to impossible. The situation is even worse for screen reader users and hasn’t changed in more than a decade. How can we help?

Completely Automated Public Turing test to tell Computers and Humans Apart (shortened to CAPTCHA) is often a time-consuming barrier for multiple groups of people. People who are not able to see the screen can’t really submit the form if the CAPTCHA isn’t accessible (most CAPTCHAs are very visual, using images or images of skewed text that need to be perceived and then typed into a text field, for example).

No wonder that even after 14 years of WebAIM’s Screen Reader survey, CAPTCHA is the most problematic item on the web for screen reader users. Imagine filling out a complex form just to find out that it has a CAPTCHA at the end, and an inaccessible one. That often means you have to reach out for help, and by doing that you have to give up your privacy. And if you have to wait for help for more than 20 minutes (a quite common session timeout default), you also risk having to fill out the form all over again. Not to mention that if the form is not coded properly (unfortunately a lot of forms are not), you also risk that autocomplete will not make it easier for you to fill out the form.

I often see people struggle with forms, and I often struggle with CAPTCHAs, even if I can see the skewed text, but it is way worse for people depending on screen-readers (also people with vision impairments and people with cognitive disabilities).

Are there any accessible CAPTCHA solutions?

In recent years we got some alternatives, but if a CAPTCHA only offers two modalities it can still be inaccessible. Visual and audio CAPTCHAs may still not be enough for some people, as we really need a text-only CAPTCHA as well. So if you think that adding an audio CAPTCHA will make things totally accessible – you might be wrong, depending on the visual CAPTCHA. Adding alternative texts to strange fonts defeats the purpose of stopping bots, so you need a completely different concept for a text-only CAPTCHA, for example solving a simple riddle or mathematical equation (such as: how much is 7 and 3).

Additional perspective – solutions that offer the best possible (and most accessible) CAPTCHAs are often third-party scripts that may not be viable for some websites (or apps), and are often left out in favor of first-party CAPTCHA solutions that are likely outdated and less accessible.

There are also technical solutions that require neither third parties nor any CAPTCHA at all: so-called honeypots. We extend the original form with visually hidden form fields that are often filled out by automatic scripts trying to spam our form; by checking those fields, we know that something was populated automatically. Such trivial solutions can often work, at least until bad actors check the form manually.

Conclusion – test before using

I suggest dropping visual CAPTCHAs (even if they offer some audio mode) and trying a honeypot first. After some time we can check, and if spam still comes through, I suggest using a simple CAPTCHA in text form (for example a simple mathematical equation on top of the honeypot). If that still doesn’t help, we can look into third parties (provided our security and performance policies allow that) or investigate other possibilities (perhaps improving heuristics for bot detection with the help of spam email address and word checking).

In any case – please make sure to consider WCAG and test with different users!
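
The layered approach suggested above (a honeypot first, then a simple text question on top), sketched as an added Node.js example. It is not code from the original post, and the field names `website`, `captcha_answer` and `captcha_token`, the in-memory key and the 60-minute lifetime are assumptions.

```javascript
// Added example, not the author's code. Field names and the secret are assumptions.
const { createHmac, randomBytes, randomInt, timingSafeEqual } = require('node:crypto');

const SECRET = randomBytes(32); // assumption: single server process, key kept in memory

// HMAC over answer and expiry, so the server stores nothing per visitor.
function sign(answer, expires) {
  return createHmac('sha256', SECRET).update(`${answer}.${expires}`).digest('hex');
}

// Text-only challenge such as "How much is 7 and 3?". The default lifetime of
// 60 minutes is an assumption, chosen so slow form filling does not expire it.
function makeChallenge(now = Date.now(), ttlMs = 60 * 60 * 1000) {
  const a = randomInt(1, 10), b = randomInt(1, 10);
  const expires = now + ttlMs;
  return { question: `How much is ${a} and ${b}?`, token: `${expires}.${sign(a + b, expires)}` };
}

// Honeypot: off-screen, aria-hidden, out of the tab order, and autocomplete off
// so neither screen reader users nor browser autofill populate it.
function renderFields(ch) {
  return `<div style="position:absolute;left:-9999px" aria-hidden="true">
  <label for="website">Leave this field empty</label>
  <input id="website" name="website" type="text" tabindex="-1" autocomplete="off">
</div>
<label for="captcha_answer">${ch.question}</label>
<input id="captcha_answer" name="captcha_answer" inputmode="numeric" autocomplete="off" required>
<input type="hidden" name="captcha_token" value="${ch.token}">`;
}

// Server-side check of the parsed form body; runs on every submission.
function checkSubmission(fields, now = Date.now()) {
  if (String(fields.website || '').trim() !== '') return { ok: false, reason: 'honeypot' };
  const [expires, mac] = String(fields.captcha_token || '').split('.');
  if (!mac || !(Number(expires) > now)) return { ok: false, reason: 'expired-or-missing-token' };
  const answer = parseInt(String(fields.captcha_answer || '').trim(), 10);
  const expected = Buffer.from(sign(answer, expires), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'wrong-answer' };
  }
  return { ok: true, reason: null };
}
```

A token stays valid until it expires, so the same answered challenge can be replayed within that window; making it single-use requires remembering used tokens on the server.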


Author: Bogdan Cerovac

I am an IAAP-certified Web Accessibility Specialist (since 2020) and was a Google-certified Mobile Web Specialist.

I work as a digital agency co-owner, web developer and accessibility lead.

Sole entrepreneur behind IDEA-lab Cerovac (Inclusion, Diversity, Equity and Accessibility lab) after work. Check out my Accessibility Services if you want me to help you with digital accessibility.

Also head of the expert council at Institute for Digital Accessibility A11Y.si (in Slovenian).

Living and working in Norway (🇳🇴), originally from Slovenia (🇸🇮), loves exploring the globe (🌐).

Nurturing the web from 1999, this blog from 2019.
