When building a website, e-commerce store or any functionality that allows an end user to submit information, we try to avoid using Captcha systems where possible, but as every developer knows its sometimes a necessary evil in order to stop spam from hitting your system.
The National Federation for the Blind have critisised the E-Petition on the White House website because the captcha is prohibitive to some of their members, a white house spokesperson has said that their website does comply with current US Accessibility laws, but it does raise the question as to what alternatives are out there for website developers to implement that can get around these issues. This is by no means comprehensive, but here are a few alternatives we’ve come across in the past.
A popular captcha system and one we have used in the past. This system claims to be accessible for blind users via its spoken version which allows them to hear the words. We tried this, and found it next to impossible to work out what we should be typing amongst the background noises and alien voices.
Logic based captcha
Employing logic to solve a captcha is a possible solution, by asking a question prompting for the relevant answer you can avoid having to use distorted imagery that’s aim is to deter OCR scanning e.g. What colour is snow?. The problem is that you need to have a sufficiently large question database, or the facility to generate with enough randomness to prevent bots from coming up with all the correct answers.
If receiving some spam isn’t an issue, you could remove the captcha altogether and implement an IP based solution to help reduce the number of requests you receive. This works fine until you come across a bot submitting requests from a number of IP addresses and/or if a group of users all fall under the same external IP address (e.g. a corporate network, local govt etc).
You could implement a “honey pot” for spammers by including a hidden form element that you create with the sole purpose of expecting that a spam-bot will fill it out, you can then check for this field and filter out any submission that includes it knowing that a real user wouldn’t have seen it.