CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a system that almost always relies on a user’s vision to determine whether the user of a web site is a human or a bot. Unfortunately, due to its inherently visual nature, when CAPTCHAs were initially developed they were completely inaccessible to people who used screen readers, and sometimes to people with low vision and cognitive disabilities.
When CAPTCHAs became more widely used, their inaccessibility to visually impaired users became apparent. As a result, some CAPTCHAs provide an audio form of a CAPTCHA, where the letters were spoken aloud via an MP4 or other audio player. Unfortunately, this could be easily interpreted by bots, so the audio CAPTCHAs became more complex, with background sounds and other disconcerting characteristics that often made the audio CAPTCHA inaccessible to all.
The advent of Google’s reCAPTCHA was meant to remove the problems of CAPTCHA altogether, however this is sadly not the case. However, though it provides two methods to pass, it is still not accessible: the audio alternative is difficult to understand, which is an obstacle for users with visual and cognitive impairments (e.g. dyslexia). In addition, not all users will be able to interpret the English-language words and audio used. Many ReCAPTCHAs are also not keyboard accessible.
How to make CAPTCHAs accessible
No one CAPTCHA will be accessible to all users. Providing more than one CAPTCHA method is more accessible than providing one. Every type of CAPTCHA will be unsolvable by users with certain disabilities; however, it is possible to make them accessible to more users.
Some steps are:
- Provide more than one version of CAPTCHA for a given action (i.e. one visual CAPTCHA and one audio CAPTCHA);
- Provide access to a human customer service representative who can bypass CAPTCHA; and
- Do not require CAPTCHAs for authorized users.
Alternatives to CAPTCHA
There are multiple accessible alternatives to CAPTCHA that an organisation can use to stop bots:
- Multi-factor (sometimes called “Two-factor”) authentication;
- Human test questions (e.g. Is fire hot or cold? Is grass green or purple?);
- Honeypot traps (fields that must be left blank, or the form is not submitted);
- Server-side spam filters and server-side validation;
- Confirmation page (a screen after form submission that reads “Here is your information. Are you happy to submit this?”);
- Timestamp your forms (if the form is submitted faster than humanly possible, odds are it’s a spambot);
- Proof of work JavaScript code;
- Heuristics of the user; and
- Limited-use accounts.
It is our advice that there is never a need to use a CAPTCHA. AccessibilityOz believes that CAPTCHAs are inherently inaccessible, and a site that utilises a CAPTCHA is automatically inaccessible to some users.