Skip to main content

Why You Should Stop Using CAPTCHAs

There are few amongst us who won’t have, at some point or another, filled in a CAPTCHA code. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” and they are most commonly used to stop automated submissions of web forms, such as registration or contact forms.
CAPTCHAs are widespread, but are they actually damaging the usability of your website? I would argue that there are better alternatives to CAPTCHAs and that you should break the habit of using them on your sites.

Once upon a time, there was a CAPTCHA code…

CAPTCHA frustration
Let me tell you a short story by way of introduction. Yesterday, I was trying to register on a website. The website in question employed one of the worst CAPTCHA codes that I had ever seen. It looked like a child had written something with an ink-starved pen and then left the piece of paper out in the rain. In a way, it was quite artistic, but unfortunately it was also totally illegible.
I had a go at deciphering it, made my submission, and I wasn’t surprised to be thrown back with an “incorrect code entered” message. “Oh well”, I thought, “the next CAPTCHA they give me can’t be as bad as that one was.”
It wasn’t. It was worse.
This one resembled the stains left on my carpet when my cat has engaged in a midnight feast on an unsuspecting rodent. Not only was it also illegible, but I also couldn’t give it any credit for being artistic this time. I really wanted to register on this site though, so I screwed up my face, got my eyes as close to the screen as possible before my focus started to distort, and tapped the letters and numbers into my keyboard.
“Incorrect code entered. Please try again.”
Now, as someone who works in the web design industry, I have a fairly decent attention span on the Internet; probably more so than most of Joe Public. But by this time, I was getting frustrated. I didn’t have time for this.
So I left the site open and opened a new tab, just to curiously check to see if I’d missed an alternative service provider in the same sector. As it happens, I had.
A few clicks later, and no CAPTCHA code to be seen, I was registered on the alternative site, and my business was winging its way into the hands of this other website’s proprietor.

Are CAPTCHA codes damaging your clients’ websites?

My experience yesterday got me thinking. Most will agree that CAPTCHA codes are annoying, but in most cases, we accept them as an unavoidable step in the battle against bots and spam. But what if it was shown that CAPTCHA codes are not only damaging the usability of your website, but also hampering the ability of your site to create leads, generate sales or otherwise function and interact with your audience?
The reality is that for the vast majority of the sites that we build as web designers and developers, we don’t really have to worry about targeted attacks on our contact and registration forms. Using a CAPTCHA code on most sites is like using a Humvee to crack an egg. If you’re developing a high-profile site or security critical web app, then sure, perhaps a CAPTCHA is going to provide you the most protection. But even then, you should be weighing up the risks and usability trade-off and asking yourself if there is a more user-friendly alternative. Oh, and by the way, there is a business in breaking CAPTCHA codes, so even if you use one, you’re not necessarily safe from a concerted effort to break it.
And if all you have to worry about is protecting a form from generic spam bots, then there is definitely no excuse; you don’t need a CAPTCHA; there are more user-friendly alternatives.
Think about it; you’ve developed a beautifully thought-out website with clear user-funnels, calls to action, with everything gently pushing your visitors towards registering, purchasing, enquiring or otherwise completing a goal, and then you stick a dirty great squiggle at the end that your users have to decode before completing the task. It’s a bit like spending weeks gently building up to asking someone out on a date and then vomiting down your shirt when you pop the big question.
The good news is that there are plenty of alternatives to CAPTCHAs. Really, you don’t need them anymore! A quick search on the Internet will turn up plenty, but here are a few I’ve picked out:

Simple Maths Questions

Maths
This one is quite popular, and definitely less intrusive than a traditional CAPTCHA. For instance, your form may ask the user “what’s 3+2″ and will then validate it server-side.

Use Javascript

javascript
One of my favorite methods is to do the whole verification process transparently client-side, whereby on form submission, a Javascript function is called to perform some simple arithmetic and push the result into a hidden field which is then verified server-side. This is a good one to use if you know that your user-base is going to have Javascript installed. Indeed it’s arguable that it’s worth using even at the expense of the small number of people who have Javascript disabled. For example, what’s more damaging? Using a CAPTCHA or using Javascript? The answer to that is down to you though.

Use Pictures

You could present a set of pictures and, for example, ask the user to select the rabbit and the cat. If this technique suits your brand, then why not try it? Perhaps not advisable to use on an Undertaker’s site or in any other “non-quirky” situation though!

Completion of a simple task

currybet.net
I saw the CAPTCHA used on Martin Belam’s blog the other day and not only does it do the job, it also made me chuckle. Asking a visitor to complete a simple task like this takes almost no extra time or thought; unlike a traditional CAPTCHA.

Use a service like Akismet

Akismet
Akismet is an excellent spam-filtering service for blog comments: use this and you’ll hardly have to worry about spam on your blogs ever again.

Put up with it

gmail
Depending on the situation, it may be worth you asking yourself; “should I just put up with a bit of spam”. If the output of your website is an email, then modern spam protection on services such as Gmail are so good that you should really consider just ripping out the CAPTCHA altogether. If it helps your sales or enquiries, then perhaps a bit of spam is a price worth paying?

CAPTCHA still gotcha?

recaptcha
Not convinced? No problem, that’s OK. But if you’re going to use a CAPTCHA, at least use a good one. reCAPTCHA is considered one of the better ones.

Wrapping things up

That pretty much sums up my thoughts on the subject of CAPTCHA codes and if you take away just one thing from this article, let it be that you always consider the usability of your websites first and foremost. If you don’t, it could cost you or your client their next sale.
I’ll leave you with one last CAPTCHA idea, courtesy of xkcd
xkcd

Comments

Post a Comment

Popular posts from this blog

Evolution Of Computer Virus [infographic]

134 comments
CONTINUE READING THIS POST..........

4 Free Apps For Discovering Great Content On the Go

1. StumbleUpon The granddaddy of discovering random cool stuff online, StumbleUpon will celebrate its 10th anniversary later this year — but its mobile app is less than a year old. On the web, its eight million users have spent the last decade recommending (or disliking) millions of webpages with a thumbs up / thumbs down system on a specially installed browser bar. The StumbleUpon engine then passes on recommendations from users whose interests seem similar to yours. Hit the Stumble button and you’ll get a random page that the engine thinks you’ll like. The more you like or dislike its recommendations, the more these random pages will surprise and delight. Device : iPhone , iPad , Android 2. iReddit Reddit is a self-described social news website where users vote for their favorite stories, pictures or posts from other users, then argue vehemently over their meaning in the comments section. In recent years, it has gained readers as its competitor Digg has lost them.
141 comments
CONTINUE READING THIS POST..........

‘Wireless’ humans could backbone new mobile networks

People could form the backbone of powerful new mobile internet networks by carrying wearable sensors. The sensors could create new ultra high bandwidth mobile internet infrastructures and reduce the density of mobile phone base stations.Engineers from Queen’s Institute of Electronics, Communications and Information Technology are working on a new project based on the rapidly developing science of body-centric communications.Social benefits could include vast improvements in mobile gaming and remote healthcare, along with new precision monitoring of athletes and real-time tactical training in team sports, an institute release said.The researchers are investigating how small sensors carried by members of the public, in items such as next generation smartphones, could communicate with each other to create potentially vast body-to-body networks.The new sensors would interact to transmit data, providing ‘anytime, anywhere’ mobile network connectivity.Simon Cotton from the i
49 comments
CONTINUE READING THIS POST..........