Comments on: A useful CAPTCHA from reCAPTCHA

By: Joe Dolson

Joe Dolson — Tue, 10 Jun 2008 19:41:29 +0000

In fact, I’d say that there are a lot of accessibility flaws. It still comes in as one of the more accessible CAPTCHA options out there — - but only by merit of a lot of sucking elsewhere.

As to their email protection — well, it seems like a lot of trouble to go to when there are plenty of perfectly valid other options. The ellipsis as link text — pretty problematic, accessibility wise. Launching a new window? Well, it’s questionable — but probably the most reasonable choice given the context.

However, it seems to me that simply using secure contact forms for all email contacts is really the better choice.

By: Skye

Skye — Mon, 09 Jun 2008 20:16:23 +0000

Joe, if you get a chance, what do you think of the reCaptcha mailhide? When I tried it out on their site, I had to click on a link in the middle of a word - the text of the link was an ellipsis - and it launched a new window where I had to solve the CAPTCHA. I didn’t think much of it. They heavily promote the accessibility of the reCaptcha, but the mailhide implementation seems seriously flawed.

By: yonatan

yonatan — Mon, 11 Feb 2008 15:43:58 +0000

we tested a number of captchas for our sites (check out Traxtuff for instance), and eventually made a small project out of it, to let you play around with different free CAPTCHA classes and libraries.
hope it helps find one that will fit your site nicely, you can find it at http://www.trycaptcha.com
we’re still setting it up but it’s already useful…
personally I really like recaptcha BTW,
for the great idea of getting people to perform a constructive action as part of a mundane task :)

By: Joe Dolson

Joe Dolson — Thu, 07 Feb 2008 22:12:03 +0000

It would not work, even using that term in it’s broadest possible sense. Additionally, for either option there are very serious accessibility consequences.

First of all, it wouldn’t work as described simply because of the brute force attack method of many spam bots: if they encounter 50 submit buttons, they’ll submit ‘em all. Now, this is easy to get around: simply make it so that the submission of any button other than the active one invalidates the submission.

But you still have the accessibility and usability problems:

With the first choice, you’re seriously disenfranchising users with learning disabilities, dyslexia, or users who aren’t using a browser with a standard display: screen readers, mobile devices, etc.

In the second choice, you’re again disenfranchising users with learning disabilities, as well as causing problems for users who are color blind.

And, of course, on a usability front, you’re making the submission process extremely difficult for everybody. Seriously, do you want a contact form with 40 buttons, each a different size and shape? Aesthetically a lot less than appealing, and damned difficult to take in mentally.

By: Kenton

Kenton — Thu, 07 Feb 2008 21:58:02 +0000

Here is the idea: Have six to ten (or even 100) “submit” buttons. Only one works, but it is a different one each time. Above the buttons you get a message (or a distorted image) saying: “To submit, please press the third button from the left in the second row from the top”.
Less accessibility but similar: Buttons have different colours or sizes or texts and then the message could read “press green button” or even “press the smallest green button in the second row from the bottom that does not have an x in its text”.

Would that work

By: Joe Dolson

Joe Dolson — Tue, 22 Jan 2008 23:27:57 +0000

Well, it’s certainly a seal of approval on the stability of the code — - I’m not sure that Facebook is what I’d consider at the forefront of high quality code, however…

By: Neil

Neil — Tue, 22 Jan 2008 22:58:20 +0000

Last time I checked, Facebook were using reCaptcha during their registration process - and that’s a registration process which handles 250,000 new users everyday. That’s a decent seal of approval for any snippet of code!

By: Joe Dolson

Joe Dolson — Tue, 22 Jan 2008 15:43:19 +0000

Unfortunately, this is true with the default (scripted) version. Ironically, the backup version (available without Javascript) is not only accessible via keyboard but provides a very clear and noticeable :focus state to assist you with keyboard navigation.

This is certainly one reason that it’s clearly not yet up to scratch.

Thanks, Gez.

By: Gez Lemon

Gez Lemon — Tue, 22 Jan 2008 12:51:42 +0000

Hi Joe,

The biggest problem with reCAPTCHA is that it is not keyboard accessible (you have to use a mouse to change the type of challenge). That means it’s inaccessible to some assistive technology users, such as screen reader users, and people with mobility impairments that prevent them from using the mouse.