WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: CAPTCHA

for

From: Mallory van Achterberg
Date: Nov 5, 2014 6:27AM

> On 11/5/14, Tim Harshbarger < <EMAIL REMOVED> > wrote:
> > Are there accessibility solutions for CAPTCHA's that work specifically well
> > for users who are deaf-blind? Are there solutions that be combined with
> > other accessibility solutions to try to improve the accessibility/usability
> > disaster that CAPTCHAs seem to create? What kind of real world success have
> > people had trying to solve the CAPTCHA accessibility problem? How many
> > different ways can we solve this kind of problem?

The "best" ways I have found are unfortunate for many webmasters
because the "best" solution seems to be a combination of many
things: honeypots *and* timers *and* IP-range-blocking *and*
human moderation at some level.

I think it was Karl Groves who posted a whole list of his arsenal...
http://www.karlgroves.com/2012/04/03/captcha-less-security/

Which, the questions then remain:
- These have been effective for Karl, but would they work equally
well for larger or higher-traffic sites?
- How to bundle all these things into a single simple implementation
(the reason anyone uses CAPTCHA at all is because it's a single
programmatic thing one can add to a form)... if it's not easy or
takes more resources, it won't be implemented (much)

The largest question in my mind is, how do we separate legitimation
from human-ness? Spammers are humans and illigitimate, scripts and
bots are not human and sometimes legitimate. This is where CAPTCHA
fails, on top of incidentally blocking real and legitimate humans
who miss something which, honestly, is not uniquely human or necessary
to define "human".
Multi-auth might be one way, though then we're imposing hardware
limitations (for example, my phone can't recieve SMS, and I'm not
the sole weirdo, and email validation can be subject to filters and
SMTP issues).

_mallory