@#$%! CAPTCHA

“Curves I Like” Submitted by Anna on Captchart.com

THE WORD ON THE CURVE
I look forward to the day when we look back on the early 00′s and laugh about the ridiculous blight websites put on the user experience. I’m talking about CAPTCHA. When it first appeared I thought it was a small but maybe necessary hurdle in my path to fill out a form. Perhaps it offered some security benefit to my data? I didn’t know but I didn’t give it too much thought since I only saw it on a few conference registration forms. But now it seems CAPTCHA has become the flashing graphic of the day.

CAPTCHA stands for Completely Automated Public Turing Test To Tell Computers and Humans Apart. It is supposed to provide a simple challenge that a human can answer that a computer cannot. But as black hat technology improves and computers can read CAPTCHA the images have become increasingly complex and thus harder to decipher for humans too. One hope is that it won’t be long until the deciphering success rates are equal between bots and humans and therefore will no longer serves it’s purpose.

WHAT DOES CAPTCHA COST YOUR SITE?
It was this article from Harry Brignull (90 Percent of Everything) that prompted me to dig deeper into the issue. Harry states it clearly – “Using a CAPTCHA is a way of announcing to the world that you’ve got a spam problem”. Site designers and managers are putting the burden on the user to overcome the site’s technical problem.

In the course of my working with ecommerce managers I know how much scrutiny they put on every element on a page in the funnel that could potentially deter conversion. Why isn’t the same scrutiny placed on a registration form’s conversion? Referencing a study done on a high-traffic website Mr. Brignull shows how replacing CAPTCHA with alternate methods gave the site a 64% conversion lift. I’ve read about similar results elsewhere.

‘Slider’ – a human validator on theymakeapps.com

WHAT’S THE ALTERNATIVE?
Slobodan Kovacevic (Array Studios) lists some CAPTCHA alternatives here.  The more favorable solutions (IMHO) use hidden fields called honeypots that wold only be seen by a bot and when filled out identify the submission as submitted by a bot. This method can be further checked against a timestamp measurement in which forms filled out in an unrealistic timeframe (seconds vs minutes) would be tagged as bots. Another creative alternative can be seen on TheyMakeApps.com requiring the user to slide an arrow from one area to another using the mouse. Imagine how something like this could be more playful and even play into the ‘gamification‘ trend.

Yes, the spammers are always only a step or two behind but clearly there are more elegant solutions to separating humans and computers.

WHERE DO YOU STAND?
Are you a UX practitioner with a story about CAPTCHA?

 

Comments

  • Nothing is more of a buzkill than when you hit submit on the perfect rebuttal to a post on Reddit or Slashdot only to be unceremoniously rebuked by an overzealous CAPTCHA implementation. I like to think my eyes are still pretty good, yet they never cease to fail me when trying to read some of the modern permutations. Is it an e rotated at 45 degrees? Is it some kind of c with an accent mark — a circumflex perhaps? Does my keyboard even have that letter? A lot of them play a sound, which is even more of an insult. The ugly truth, as you point out, is that most CAPTCHA systems have been or can be defeated with fairly minimal effort. I am acquainted with a gentleman whose entire business revolves around defeating the CAPTCHA of a major outlet of concert tickets in the US. It’s a bad system, and it needs join the other relics of the internet such as real player, the infamous frameset tag and table based layout.

    DanielAugust 13, 2011

Leave a Reply