Something that has often irritated me when using some websites is the use of CAPTCHA's.  For those that don't know, a CAPTCHA is the automatically generated image, often used at the end of a web form which asks you to identify the text in an image.  This is to identify a form submission performed by a human user, from an automatic entry by a script, or spam bot.  Whenever I come across these, it is a minor inconvenience, which adds a few seconds on to the time spent submitting the form data, but I also feel a little offended that I have to identify myself, as though I'm guilty until proven innocent.  I recently came across an article on Smashing magazine that goes into great detail on many good and bad aspects of CAPTCHA's, and looks at alternatives.

There are variations on the idea of CAPTCHA's, involving basic logic questions that are easy for a human, but extremely difficult for a computer to work out, or ones that ask the user to, for instance, identify the images of cats in a set of images.  But they all have the same issues.  The main problems of CAPTCHA's are that it greatly hinders web users who have a disability, for example, those with a visual impairment would never be able to use the site.  A CAPTCHA in a form adds time to every user's submission, and slightly reduces the number of submissions being sent. It can also be seen as a lazy solution: instead of the web hoster or provider dealing with the problem of spam bots, it is pushing the problem onto the user.

There are a variety of alternatives that can be implemented in place of a CAPTCHA to prevent spam, that don't alienate users.  With the rising popularity of the social web (twitter & Facebook), their services can be used to get a user to login before being able to use the site.  The Honeypot Method is a clever solution, which involves placing a hidden field within the form that a normal user won't see or fill in, but a bot would enter data, thus identifying spam data.  Another simple but elegant detection is to filter bad entries based on the time spent filling out the form.  A bot will fill the form out and submit in a very short time (less than 5 seconds), whereas a human would never be able to do that.

Before going down the patch of using CAPTCHA's, take a moment to think on whether it is truly the best solution.  A quick google search will reveal a large amount of discontent over the use of them.  The onus for spam filtering should be on the provider, rather than pushed onto the user, and with a bit of effort, an effective alternative could well be used instead which provides a much nicer web experience for your users.

+ Back to blog home

Posted in: General