WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: CAPTCHAS [was] Re:? I don't even know whatsubjectheading to put for this question :)


From: Phil Teare
Date: Sep 21, 2006 12:00PM

I agree that Captcha's are not a way to secure anything. But in practice
they do keep the spamming down to bareable levels in most situations.

An interesting thought is that audio snippets could possibly be easier to
recognise with a speech rec enabled app than OCRing the Captcha. Unless
that were overlaid with some background noise. But then you get to the point
were many users will not be able to recognise it either.




On 21/09/06, Moore, Michael < <EMAIL REMOVED> > wrote:
> Captcha's are actually pretty useless, at least in my own opinion. They
> are suppose to be a type of Turing Test, but actually can be defeated by
> automated means. Methods of defeating them are probably improving in the
> spamming community. For one example see http://sam.zoy.org/pwntcha/.
> Using an auditory substitute does not guarantee either accessibility or
> the inability to defeat the captcha using an automated system. Finally,
> if you wanted to defeat captcha to create a large number of accounts to
> use for spamming, you could probably contract it out and pay a few folks
> to create the accounts for a couple of days. The international labor
> market would make this a rather inexpensive proposition, possibly as low
> as $0.01 US per 1000. Don't quote me on the price, I haven't actually
> solicited a bid for the service.
> In general, I don't really feel that Turing Tests are a good method of
> providing site security. Each method that I have seen has both security
> problems and accessibility issues. By the time you have provided enough
> alternatives to deal with all of the potential accessibility issues, and
> still managed to maximize the security, you have likely already blow
> both your project budget and your project time line. If you really need
> the type of security that you hope to get from a captcha, using email
> responses, or another even more secure method of account creation
> probably more effect both for accessibility and security. If your just
> trying to prevent comment spam on your blog use a filter or moderate the
> comments.
> That's my two cents anyway.
> Mike
> -----Original Message-----
> [mailto: <EMAIL REMOVED> ] On Behalf Of Darrel Austin
> Sent: Wednesday, September 20, 2006 5:32 PM
> To: WebAIM Discussion List
> Subject: Re: CAPTCHAS [was] Re:? [WebAIM] I don't even know what
> subjectheading to put for this question :)
> On Sep 20, 2006, at 1:02 PM, Christian Heilmann wrote:
> >> We have found that we have a need for it in one area of our site.
> Do you REALLY need it?
> These are not only often accessible, but usually hard to use and just
> plain annoying.
> I was helping my father set up a Flickr account the other month and
> between the two of us, we had to guess at 4 separate captchas before we
> finally got it right.
> Just be sure that IF you are using them you have run out of all other
> options. Annoying the end-user should always be a last resort.
> -Darrel
> Address list
> messages to <EMAIL REMOVED>