As the role of website user experience rapidly emerges, more and more traditional web development techniques are being questioned and among those CAPTCHAs are on the first place.
CAPTCHA, which stands for Completely Automated Public Turing Tests to Tell Computers and Humans Apart, is a type of computer test used to determine whether the user is a human or a robot.
Initially CAPTCHAs were intended to prevent illegal or harmful usage of sensitive information available on the web, as well as thwart automated form registrations, spam comments, etc. This technique was employed firstly on major eCommerce websites, but now you will encounter various types of CAPTCHAs in almost every registration or comment form on the web. It appears to be an easy and quick fix for preventing spam and malicious bot attacks, which are very common nowadays.
So if CAPTCHAs are such a useful web security solution, what makes them not usable?
It’s the CAPTCHA itself that makes it so annoying for the users that sometimes they are even willing to give up the whole registration process and leave the website. CAPTCHA is typically a simple task like typing the letter or digits you see in an image or hear on the audio recording. The idea is to make the test easy for humans and nearly unsolvable for bots. But as technologies develop and more sophisticated bots come into play, developers have a challenge to create more complex tasks for bots, while keeping it simple for humans.
As you know CAPTCHAs come in different forms, but the most common ones are as follows;
1. Text Recognition CAPTCHA, aka reCAPTCHA project
This is the most widely used type of CAPTCHA that requires users to type the distorted letters shown in a picture, which is in fact a small fraction of scanned text that optical character recognition (OCR) technology has failed to interpret. With millions of users filling in these CAPTCHAs everyday it’s a brilliant solution to help digitize books and other scanned data. ReCAPTCHA project was originated at Carnegie Mellon University and “to our great surprise” is now to run by Google.
Text Recognition has a few major downsides, among which the most vital is its inaccessibility to people with disabilities. Even a healthy human being is often times unable to understand the text in the image, let alone people with poor eyesight or blindness.
To somehow address this issue, developers have paired text recognition CAPTCHAs with audio recordings, but these ones perform even worse in terms of registration form conversions.
2. Image Recognition CAPTCHAs
“A picture is worth a thousand words” trend has hit CAPTCHAs as well and now you can frequently see registration or comment forms where instead of distorted text you need to recognize the objects in a picture and then type its name or simply select the image.
A more creative or better to say commercial use of image based CAPTCHAs is presented by Solve Media. It offers visual ads with some quotation that users need to type in the text box. Though these CAPTCHAs tend to be more recognizable for humans, this is yet another advertising medium, which most users may find too invasive. As genius as the idea of commercializing CAPTCHAs seems, still many brands wouldn’t risk to associate their image with such an annoying user experience.
3. Logic Questions and Math
Another popular anti-bot solution is the use of simple math problems and logic questions for ensuring that data input is generated by a human. These questions range from easy 1st grade math equations like “2+1=?” up to more complex “What color are blue flowers?”. From a UX perspective, these CAPTCHAs may be less annoying but more time consuming, because users need to read and comprehend the question, besides being sadly used to the text recognition CAPTCHAs, it is ironically difficult to switch to something other than that.
Though originally CAPTCHA was a very powerful weapon in the anti-spam war, but nowadays its effectiveness has dropped significantly as more and more hackers employ cheap human labor to bypass those almighty CAPTCHAs and very often your website will receive fake submissions and spam comments anyway.
So, after all, is it worth the poor UX you deliver to your users?
To answer this question you probably need to do your own A/B testing with CAPTCHA and non-CAPTCHA submission forms for some period of time and assess the conversion rates and spam rates.
But thankfully there is no need to go to such extremes as eliminating CAPTCHAs altogether to make your users comfortable with your website. Nowadays there are many alternative solutions that can fix the broken UX of your submission forms while still maintaining the security level provided by regular CAPTCHAs.
One of the most popular alternatives to the dreaded CAPTCHAs is the Honeypot technique. The idea is to have a hidden field in your submission form that will be visible only to the robots and not accessible for human visitors. Considering that bots are reading the raw code of the webpage, it will be easy to catch them in the Honeypot trap. So if this field is filled, the system can automatically reject the submission marking it as spam.
Sure, this technology is not perfect, but it is a smart way to enhance your submission form UX and pleasantly surprise your users with no need to fill in those annoying CAPTCHAs anymore while staying safe from bots.
Another usable type of CAPTCHA is a checkbox like “I am not a robot”, which a user needs to tick to submit a form. It’s simple, small and understandable. As for the security, bots won’t be able tick the checkbox because it’s only displayed to users on the client-side.
Interactive and Fun CAPTCHA
Another way to soothe the pain of CAPTCHAs is to present it in a more fun and enjoyable form; through play. Creating a simple, almost primitive game CAPTCHA you can make the security check process more user-friendly but still spam-free.