Advante

In the News...

Articles, News and Other Interesting Information...

Why You Should Stop Using CAPTCHAs

There are few amongst us who won’t have, at some point or another, filled in a CAPTCHA code. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” and they are most commonly used to stop automated submissions of web forms, such as registration or contact forms.

CAPTCHAs are widespread, but are they actually damaging the usability of your website? I would argue that there are better alternatives to CAPTCHAs and that you should break the habit of using them on your sites.

Once upon a time, there was a CAPTCHA code…

Let me tell you a short story by way of introduction. Yesterday, I was trying to register on a website. The website in question employed one of the worst CAPTCHA codes that I had ever seen. It looked like a child had written something with an ink-starved pen and then left the piece of paper out in the rain. In a way, it was quite artistic, but unfortunately it was also totally illegible. I had a go at deciphering it, made my submission, and I wasn’t surprised to be thrown back with an “incorrect code entered” message. “Oh well”, I thought, “the next CAPTCHA they give me can’t be as bad as that one was.” It wasn’t. It was worse. This one resembled the stains left on my carpet when my cat has engaged in a midnight feast on an unsuspecting rodent. Not only was it also illegible, but I also couldn’t give it any credit for being artistic this time. I really wanted to register on this site though, so I screwed up my face, got my eyes as close to the screen as possible before my focus started to distort, and tapped the letters and numbers into my keyboard. “Incorrect code entered. Please try again.” Now, as someone who works in the web design industry, I have a fairly decent attention span on the Internet; probably more so than most of Joe Public. But by this time, I was getting frustrated. I didn’t have time for this. So I left the site open and opened a new tab, just to curiously check to see if I’d missed an alternative service provider in the same sector. As it happens, I had. A few clicks later, and no CAPTCHA code to be seen, I was registered on the alternative site, and my business was winging its way into the hands of this other website’s proprietor.

Are CAPTCHA codes damaging your clients’ websites?

My experience yesterday got me thinking. Most will agree that CAPTCHA codes are annoying, but in most cases, we accept them as an unavoidable step in the battle against bots and spam. But what if it was shown that CAPTCHA codes are not only damaging the usability of your website, but also hampering the ability of your site to create leads, generate sales or otherwise function and interact with your audience? The reality is that for the vast majority of the sites that we build as web designers and developers, we don’t really have to worry about targeted attacks on our contact and registration forms. Using a CAPTCHA code on most sites is like using a Humvee to crack an egg. If you’re developing a high-profile site or security critical web app, then sure, perhaps a CAPTCHA is going to provide you the most protection. But even then, you should be weighing up the risks and usability trade-off and asking yourself if there is a more user-friendly alternative. Oh, and by the way, there is a business in breaking CAPTCHA codes, so even if you use one, you’re not necessarily safe from a concerted effort to break it. And if all you have to worry about is protecting a form from generic spam bots, then there is definitely no excuse; you don’t need a CAPTCHA; there are more user-friendly alternatives. Think about it; you’ve developed a beautifully thought-out website with clear user-funnels, calls to action, with everything gently pushing your visitors towards registering, purchasing, enquiring or otherwise completing a goal, and then you stick a dirty great squiggle at the end that your users have to decode before completing the task. It’s a bit like spending weeks gently building up to asking someone out on a date and then vomiting down your shirt when you pop the big question. The good news is that there are plenty of alternatives to CAPTCHAs. Really, you don’t need them anymore! A quick search on the Internet will turn up plenty, but here are a few I’ve picked out:

Simple Maths Questions

This one is quite popular, and definitely less intrusive than a traditional CAPTCHA. For instance, your form may ask the user “what’s 3+2? and will then validate it server-side.

Use Javascript

This one is quite popular, and definitely less intrusive than a traditional CAPTCHA. For instance, your form may ask the user “what’s 3+2? and will then validate it server-side. One of my favorite methods is to do the whole verification process transparently client-side, whereby on form submission, a Javascript function is called to perform some simple arithmetic and push the result into a hidden field which is then verified server-side. This is a good one to use if you know that your user-base is going to have Javascript installed. Indeed it’s arguable that it’s worth using even at the expense of the small number of people who have Javascript disabled. For example, what’s more damaging? Using a CAPTCHA or using Javascript? The answer to that is down to you though.

Use Pictures

You could present a set of pictures and, for example, ask the user to select the rabbit and the cat. If this technique suits your brand, then why not try it? Perhaps not advisable to use on an Undertaker’s site or in any other “non-quirky” situation though!

Completion of a simple task

I saw the CAPTCHA used on Martin Belam’s blog the other day and not only does it do the job, it also made me chuckle. Asking a visitor to complete a simple task like this takes almost no extra time or thought; unlike a traditional CAPTCHA.

Use a service like Akismet

Akismet is an excellent spam-filtering service for blog comments: use this and you’ll hardly have to worry about spam on your blogs ever again.

Put up with it

Depending on the situation, it may be worth you asking yourself; “should I just put up with a bit of spam”. If the output of your website is an email, then modern spam protection on services such as Gmail are so good that you should really consider just ripping out the CAPTCHA altogether. If it helps your sales or enquiries, then perhaps a bit of spam is a price worth paying?

CAPTCHA still gotcha?

Not convinced? No problem, that’s OK. But if you’re going to use a CAPTCHA, at least use a good one. reCAPTCHA is considered one of the better ones.

Wrapping things up

That pretty much sums up my thoughts on the subject of CAPTCHA codes and if you take away just one thing from this article, let it be that you always consider the usability of your websites first and foremost. If you don’t, it could cost you or your client their next sale. I’ll leave you with one last CAPTCHA idea, courtesy of xkcd…
Sources – Article and images by Oskar Smith of Esvelte.