CAPTCHA and accessibility
CAPTCHAs are often used as a website’s first defence against computer bots submitting forms, such as login, email or comment forms. All CAPTCHAs have usability issues and most have significant accessibility barriers. Government organisations are encouraged to avoid them and instead implement a number of alternative techniques to prevent or reduce access by bots.
CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart'.
A CAPTCHA might take the form of an image presenting a word or string of characters that is difficult to decipher. It might also be a simple logic-based or mathematical question, for example 'Is ice hot or cold?' or 'What is 2 + 3?'
The purpose is to provide a challenge to the user that a human can solve but a computer bot can’t.
There are a number of types of CAPTCHA, but image CAPTCHAs seem to be the most prevalent. Also, as computer bots get more sophisticated, CAPTCHAs are getting more and more complex or difficult to decipher, even for human users.
All CAPTCHAs introduce some kind of usability hurdle, but in most instances they also present significant accessibility barriers.
Most CAPTCHAs, including those that use more than one modality (for example, an image CAPTCHA for the sighted and an audio CAPTCHA for the vision impaired), block access to one or more type of user. For example, the popular image-based reCaptcha service, which offers an audio alternative, still blocks access to people who are deaf-blind.
If a test that requires user interaction is deemed necessary, it is suggested that this be something no more complicated than directing the user to enter a specific, randomly generated string into a text input, such as “Enter ‘syi339’”, or possibly very simple math questions, such as “What is 2+3?”
However, keep in mind that logic or language questions may be extremely difficult for some users with cognitive impairments, learning difficulties or English as a second language. If such an approach is taken, it can be combined with other non-CAPTCHA approaches as described below.
WCAG 2.0 on image-based CAPTCHAs
If an image CAPTCHA is used, follow the Web Content Accessibility Guidelines (WCAG) 2.0 guidance on image CAPTCHAs:
CAPTCHA: If the purpose of non-text content is to confirm that content is being accessed by a person rather than a computer, then text alternatives that identify and describe the purpose of the non-text content are provided, and alternative forms of CAPTCHA using output modes for different types of sensory perception are provided to accommodate different disabilities.
Avoid using CAPTCHAs
Given the accessibility issues with CAPTCHAs, Government organisations are encouraged to avoid them and instead implement a number of alternative techniques to prevent or reduce access by bots.
There are a number of ways to prevent or reduce the submission of forms by bots.
An additional form field is included following the form’s submit button. The form field does not use the
type="hidden" attribute and value, but it is hidden using CSS
display:none. This will prevent screen readers from reading the field. Regardless, to be safe, the form field should also have a descriptive label that is similarly hidden, but clearly indicates to screen reader users that they should not enter anything in the field.
Upon submission of the form, the field is checked for content, and if it contains a value, the form submission is considered invalid.
Checking form submission time
Script the page the form is on in such a way to monitor how long it took the user to submit the form. If the form is submitted too quickly (e.g. within a few seconds) or too slowly (e.g. after 45mins), it was most likely completed by a bot.
For other approaches, see: