WebAIM - Web Accessibility In Mind

E-mail List Archives

Thread: A very interesting and comprihensive article on CAPTCHAs

for

Number of posts in this thread: 4 (In chronological order)

From: Birkir R. Gunnarsson
Date: Fri, Nov 18 2011 6:45AM
Subject: A very interesting and comprihensive article on CAPTCHAs
No previous message | Next message →

Good morning

I just received this link via the Blind Programming list, and thought
it would be worth a read and a discussion here as well, as many people
must get questions regarding CAPTCHAs and possible spam detection
mechanisms out there.
http://coding.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha/

The honey pot mentioned, that filters out spammers by having an
additional hidden field, whose input indicates bot activity, since
bots interact with the raw html bugs me, after all screen readers do
that too.
Admittedly the label could indicate that this is a type of filter and
no data is required, but that could do away with the usefulness of
that field, since relatively simple language detection might help the
spam bots.
Either way, this is a very interesting discussion of the problem and
the solutions, and accessibility definitely gets its fair share of
attention.
Cheers
-B

From: Jared Smith
Date: Fri, Nov 18 2011 8:21AM
Subject: Re: A very interesting and comprihensive article on CAPTCHAs
← Previous message | Next message →

On Fri, Nov 18, 2011 at 6:46 AM, Birkir R. Gunnarsson
< = EMAIL ADDRESS REMOVED = > wrote:

> I just received this link via the Blind Programming list

WebAIM has a similar, though a bit more detailed article from 2007
that outlines several CAPTCHA alternatives -
http://webaim.org/blog/spam_free_accessible_forms/

> The honey pot mentioned, that filters out spammers by having an
> additional hidden field, whose input indicates bot activity, since
> bots interact with the raw html bugs me, after all screen readers do
> that too.

We implement the hidden field after the submit button, hide it with
CSS display:none (a screen reader would not read it), and give it a
descriptive label that clearly indicates that the user should not
place anything within the field.

Our experience has been that this technique, along with a basic
naughty word list and form submission time detection (if they submit
the form in less than 3 seconds or more than 30 minutes) has
effectively blocked around 99% of bot and spam submissions.

Jared

From: Jennison Mark Asuncion
Date: Fri, Nov 18 2011 2:33PM
Subject: Re: A very interesting and comprihensive article on CAPTCHAs
← Previous message | Next message →

Hi,

With all of the discussion around captcha alternatives, would be useful if
somehow conversation could be opened up with colleagues in the info
security space since, at least in the corporate sector, one would need
their buy-in before any of this would even be considered.

Jennison


--
Jennison Mark Asuncion
Co-Director, Adaptech Research Network http://www.adaptech.org
LinkedIn at http://www.linkedin.com/in/jennison
Follow me on Twitter http://www.twitter.com/jennison

From: Sailesh Panchang
Date: Sun, Nov 20 2011 4:48PM
Subject: Re: A very interesting and comprihensive article on CAPTCHAs
← Previous message | No next message

Indeed as accessibility enthusiasts we are not in favor of CAPTCHA. I
too was thinking the same thoughts as Jennison: folks from the IT
security field should be involved in this discussion because it is
necessary to get their buy-in on not using CAPTCHA or using
alternatives.
And it is absolutely true that businesses should not subcontract
essentially their problem of distinguishing real users from fake ones
onto visitors and must really rethink of how to manage traffic to
their websites.
It was gratifying when a major credit card company decided to do away
with their CAPTCHA on the registration form this past summer based on
our advocacy. They took some six months to evaluate their strategy and
finally decide that there were other security mechanisms in place and
CAPTCHA was unnecessary.
Sailesh Panchang
www.deque.com

On 11/18/11, Jennison Mark Asuncion < = EMAIL ADDRESS REMOVED = > wrote:
> Hi,
>
> With all of the discussion around captcha alternatives, would be useful if
> somehow conversation could be opened up with colleagues in the info
> security space since, at least in the corporate sector, one would need
> their buy-in before any of this would even be considered.
>
> Jennison
>
>
> --
> Jennison Mark Asuncion
> Co-Director, Adaptech Research Network http://www.adaptech.org
> LinkedIn at http://www.linkedin.com/in/jennison
> Follow me on Twitter http://www.twitter.com/jennison
>
>
>
>