There are many different ways to secure areas of your site that are open to users, and one of the most popular methods for years have been CAPTCHA’s. They are images that have distorted text which you then write in an input field to verify you are a human and not a machine.
One of the worst things about CAPTCHA’s is how inaccessible they are to those with visual impairments. Heck, I am only twenty-five, and while I do wear glass, even I find myself unable to read some of the letters and numbers on the more complex CAPTCHA images.
Over on SearchEngineWatch there is a great post talking about how CAPTCHA systems are under attack and losing the war.
There are really only two results to this battle. Either the spammers will win or accessibility will lose. There really doesn’t seem to be a happy ending to the whole CAPCHA scenario.
According to this post on TMCnet spoke with Russian researchers who claim to have algorithms that can correctly read CAPTCHA screens 30 to 35% of the time. While these tools are currently only in the hand of some high end folks, over time, it is reasonable to expect that they will get more widely disseminated.
When this happens, the flood gates will really let loose, because a 30 to 35% success rate is a gold mine to a spammer. They don’t care about the failures, as they happily will take the successes. Spam bots will have open season on all email systems, blogs, and social media sites that are protected by CAPTCHA
When this happens, the flood gates will really let loose, because a 30 to 35% success rate is a gold mine to a spammer. They don’t care about the failures, as they happily will take the successes. Spam bots will have open season on all email systems, blogs, and social media sites that are protected by CAPTCHA.
When creating applications, we have to continually come up with new and better ways to deal with the spam issue, and it looks like it is time for a new innovation with CAPTCHA quickly becoming more and more inefficient and less accessible to those with any kind eyesight issues.
What could replace CAPTCHA that spammers would have a hard time defeating but at the same time not be too difficult for humans to decipher? Is there a solution to this problem, or will all of our applications be overrun with spam in the near future?
I think it is an interesting problem that not enough developers are taking the time to think about. How many of you rely on a CAPTCHA service or something similar?