CAPTCHA forms with distorted text or audio can cause a number of issues related to accessibility. The purpose of CAPTCHA forms is to prevent automated servers and automated robotic web crawlers (“bots”) from submitting forms, but in doing so, they also deny some human users access.
Although there are workarounds available, the best approach may be to use a CAPTCHA that poses a logic question in plain text. Such questions are easy for humans to answer, but difficult for a machine to parse.
Simply put, the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) system is a type of form used on many Web sites. Users are asked to enter text displayed in an image, or text heard in an audio file.
In both cases, the text is distorted (i.e. wavy in an image file or embedded in a set of whispers in an audio file). The theory is that human eyes can understand these images or recordings, but automated text readers or voice recognition systems cannot.
- A CAPTCHA image cannot include ALT text for screen readers, because a bot would read it
Audio CAPTCHAs can interfere with screen readers unless a pause at the beginning is included.
- As spammers develop algorithms to break CAPTCHA systems, images and audio become more distorted, to the point where even many sighted users have difficulties identifying the text.
Below are some options to the traditional image based captcha.
Logic Question CAPTCHAs
One method to avoid using inaccessible images or audio is to use a question rather than an image or audio. A sample CAPTCHA question might be "Which animal is larger—a mouse or a horse?"or "What state is Philadelphia located in?"
Another class of challenge questions is math questions (e.g. "What is one plus three?").
It should be noted that with question-based CAPTCHA systems, hackers can develop algorithms to predict questions and answers or hire users to answer CAPTCHA questions. Rotating questions is recommended for high volume sites.
Another alternative for services with a relatively light traffic load is to manually approve access or postings. In many cases, when spammers realize that they cannot post automatically to a service, the rate of traffic typically drops over time.
Some developers employ natural language filters to detect likely spam messages. Others may watch for activity coming from similar IP addresses and then present a challenge (e.g. ask for a cell phone number to which a confirmation message is sent).
Example algorithms may also be online.
One developer reported that the rate of spam messages dropped significantly when he banned the string "
http://" from being used in a discussion post (although web addresses without it were still allowed).
WebAccess or Other Authentication
Penn State services can often take advantage of WebAccess single sign-on if the target audience is the Penn State community. Penn State is also part of the InCommon Federation (aka Shibboleth), which is a technology that allows single sign-on between universities and select vendor services.