Is CAPTCHA accessible?
If you have ever tried to fill out a form on a website, regardless of whether it is a registration, feedback, or purchase form, you have likely run into a CAPTCHA test. CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, is a security measure used by websites to differentiate bots from real users and defend against spam. Failing to complete a CAPTCHA test prevents bots from progressing through a user journey.
Unfortunately, these tests can prevent people with disabilities from progressing through user journeys too.
The most common types of CAPTCHA are image-based. A random combination of numbers and letters that are twisted out of shape appear on screen, then the user is asked to decipher what these numbers and letters are. Another test is Google’s reCAPTCHA, which asks users to select pictures within a grid that contain a certain object. Audio CAPTCHAs are less common and more difficult; users must listen to a distorted voice and identify the words or numbers being said.
People with disabilities will run into obvious problems with these tests. Those with sight loss or dyslexia won’t be able to complete an image-based CAPTCHA and people with hearing loss won’t be able to complete an audio CAPTCHA. Some users might be both deaf and blind, and so cannot pass either test. Additionally, most CAPTCHAs are presented only in English, which poses problems for anyone who doesn’t understand the language.
It’s clear that CAPTCHA tests were not originally designed with accessibility in mind. Their most common formats break several criteria outlined in the Web Content Accessibility Guidelines (WCAG).
Text alternatives are not provided for image or audio-based CAPTCHAs because it defeats their purpose. Some website owners try to solve this issue by implementing more than one type of test, allowing users to choose whether they want to complete an image or audio CAPTCHA. While this offers freedom of choice to individuals with sight or hearing loss, it still causes problems for people with cognitive or learning disabilities, non-English speakers, and people with more than one disability.
Other website owners have implemented different tests entirely, such as maths or word questions, trivia, and logic puzzles. But again, this poses issues for those with learning or cognitive disabilities, who may find these questions challenging.
The latest version of Google’s reCAPTCHA, widely regarded as the “most accessible” CAPTCHA solution on the web, uses a checkbox labelled ‘I’m not a robot’. Ticking the box allows users to continue through the site. While reCAPTCHA has worked with a variety of assistive technologies, it has one major flaw that can block people with disabilities: its fallback is the traditional, inaccessible CAPTCHA. Any number of factors can trigger the fallback, including incognito mode, rejecting or clearing cookies, even the use of keyboard navigation.
The World Wide Web Consortium (W3C, the organisation behind the WCAG) has suggested different solutions, the easiest to implement being honeypot traps. Honeypot traps are visible to bots but not humans – by leaving an input field labelled ‘This field is for robots only’ empty, a human user is easily able to pass the test.
In short, the answer to the big question is no, CAPTCHA is not fully accessible. Even Google’s reCAPTCHA can’t be relied upon all the time. While there are several alternative bot traps out there, none are as popular as the CAPTCHA test. Instead, website owners should consider implementing CAPTCHA only as a last resort and come up with different ways to tell bots apart from real users, or otherwise allow users to skip CAPTCHAs or report particularly inaccessible tests.
Contact IA Labs today for more advice and information on how to make your digital services accessible to everyone.