Taeke Reijenga has extensive experience with the business side of Web Accessibility. As CEO of the full service digital agency Level Level, he has managed in a short amount of time to get his entire team on board when it comes to including web accessibility in their workflow.
CAPTCHA systems are tests that protect websites from automated threats by checking whether the visitor is a human or a bot. However, these systems can create barriers for people with visual, auditory, or cognitive impairments, making some CAPTCHAs challenging to navigate.
Despite the possible accessibility issues, the Web Content Accessibility Guidelines (WCAG) permit the use of CAPTCHAs, but only if they add certain accessible features. This ensures that security measures do not exclude users with disabilities.
In this article, you’ll learn all about implementing CAPTCHA systems that are as accessible as possible. However, it’s important to remember that no matter how accessible or transparent your CAPTCHA is, it will never be perfect – valid interactions will still be marked as unwanted and bots will still be able to pierce your site’s defences.
For that reason, we’ll also introduce alternative solutions that offer greater security and inclusivity, adhering to the highest standards of web accessibility to improve the experience for all users.
Understanding CAPTCHA accessibility challenges
CAPTCHAs are intended to protect websites by verifying that a user is human rather than a bot. However, they can create significant obstacles for individuals with disabilities, affecting a broad spectrum of user needs.
Visual CAPTCHA issues
For users with visual impairments, image-based CAPTCHAs present multiple challenges. Text within these CAPTCHAs may be distorted or overlaid on complex backgrounds, making them hard to read, especially for those with limited vision and colour blindness. Additionally, the use of low-contrast colours can further reduce readability.
Audio CAPTCHA limitations
Audio CAPTCHAs, which are meant to offer an alternative to visual CAPTCHAs, also have their issues. Often, the audio quality is poor, or there’s intrusive background noise, making the spoken letters and numbers hard to decipher. This is particularly troublesome for users with hearing impairments or auditory processing disorders, who might struggle to filter out unnecessary sounds.
Interactive and timing challenges
Interactive CAPTCHAs requiring precise mouse movements or quick responses can be a barrier for individuals with motor impairments who may use specialised devices to navigate the internet. These CAPTCHAs demand a level of dexterity that not all users have.
Cognitive load
CAPTCHAs, which often involve complex instructions, problem-solving, deciphering ambiguous images, or solving puzzles, can impose an unnecessary cognitive load and be taxing for users with cognitive disabilities.
Technical barriers
Many CAPTCHAs are not compatible with assistive technologies, such as screen readers or voice recognition software, making them inaccessible to those who rely on these technologies for web navigation.
Advanced CAPTCHA features
Advanced CAPTCHA features, like analysing a user’s IP address or browsing behaviour, can accidentally discriminate against those who use assistive technologies. This is because their navigation patterns may not fit ‘typical’ user behaviour profiles, leading to false negatives in bot detection.
Comparative analysis of current CAPTCHA technologies
The development of CAPTCHA technology dates back to 1997, when computer scientist Mark D. Lillibridge at Carnegie Mellon University developed a solution to combat spam in online forums.
Google’s reCAPTCHA v1 is perhaps the first instance of CAPTCHA technology being widely adopted. This early version of reCAPTCHA involved deciphering hard-to-read text or matching images. It works very similarly to the newer v2, but the latter only activates when the analysis of cookies and canvas rendering suggests the page is being downloaded automatically.
Since 2018, the reCAPTCHA v1 has been shut down in favour of Google’s newer reCAPTCHA v2 and v3. hCaptcha, an alternative type of CAPTCHA developed by Intuition Machines, Inc, is also a popular choice.
Let’s take a look at the differences between them:
CAPTCHA technology | How it works | Accessibility features | Possible issues |
---|---|---|---|
Google’s reCAPTCHA v2 | Users are required to select specific images that match a given prompt or solve a checkbox that asks them to confirm they are not robots. | Offers an audio CAPTCHA option for visually impaired users. | The image-based tasks can be challenging for visually impaired users, even with audio alternatives. Requires interaction, which can be difficult for users with motor impairments. Images have no visual focus, so completing a puzzle with a keyboard is impossible. |
Google’s reCAPTCHA v3 | Operates invisibly in the background, analysing user behaviour and interactions to score their likelihood of being human without active input from the user. | Does not require any interaction from the user, reducing the barrier for those with motor or visual impairments. | Raises privacy concerns as it continuously monitors user behaviour. Might falsely flag or block users using assistive technologies. |
hCaptcha | Users are tasked with selecting images that fit a specific description, similar to reCAPTCHA v2. It is designed to provide CAPTCHA services while also compensating website owners. | Provides an audio CAPTCHA for users who have trouble with visual tasks. | Similar to reCAPTCHA v2, the image recognition tasks can be inaccessible to those with visual and motor impairments. Additionally, audio alternatives may not fully address the needs of all users with auditory impairments. |
Adhering to WCAG: Making CAPTCHAs accessible
The WCAG criterion 1.1.1 Non-text Content includes a section about CAPTCHAs that says:
“If the purpose of non-text content is to confirm that content is being accessed by a person rather than a computer, then text alternatives that identify and describe the purpose of the non-text content are provided, and alternative forms of CAPTCHA using output modes for different types of sensory perception are provided to accommodate different disabilities.”
There are some possible adjustments to help make CAPTCHAs more accessible, but it’s important to note that even these improved versions still present significant challenges and can be difficult to solve. Many accessibility advocates recommend avoiding CAPTCHAs altogether and exploring alternative methods of bot detection that do not rely on interactive challenges, such as analysing interaction patterns or using session cookies.
If you do choose to use CAPTCHA, here are some practical steps to improve CAPTCHA accessibility in line with the WCAG standards:
- Provide audio alternatives: Offer an audio version of the CAPTCHA challenge for users who are visually impaired. The format is similar to normal CAPTCHAS, with the difference being that the user needs to press Play and then enter the numbers or letters they hear in the audio.
- Ensure keyboard navigation: Make sure that all CAPTCHA challenges can be completed using keyboard-only inputs, aiding those who cannot use a mouse.
- Maintain clear and simple instructions: Use straightforward language and clear instructions in your CAPTCHAs to avoid unnecessary complexity, which can be particularly challenging for users with cognitive disabilities.
Besides this, you also have the Success Criterion 3.3.8 for Accessible Authentication. Since CAPTCHAs are a type of cognitive test, they also fall under these rules for level AA compliance. They state that: “A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
- Alternative – Another authentication method that does not rely on a cognitive function test.
- Mechanism – A mechanism is available to assist the user in completing the cognitive function test.
- Object Recognition – The cognitive function test is to recognize objects.
- Personal Content – The cognitive function test is to identify non-text content the user provided to the Web site.”
If you’re looking to pass the highest accessibility compliance level – AAA, then you need to follow this criterion: “A cognitive function test (such as remembering a password or solving a puzzle) is not required for any step in an authentication process unless that step provides at least one of the following:
- Alternative – Another authentication method that does not rely on a cognitive function test.
- Mechanism – A mechanism is available to assist the user in completing the cognitive function test.”
Exploring alternatives to traditional CAPTCHA systems
Exploring alternatives to traditional CAPTCHA systems can enhance accessibility while maintaining security. Here are several methods that site owners might consider:
- Computer-run challenges: This method automates the process of distinguishing humans from bots without requiring any user interaction. Cloudflare’s Turnstile or Friendly CAPTCHA, for instance, use algorithms to analyse user behaviour in the background, removing the need for manual puzzle-solving or image identification and offering an easy experience for all users.
- Spam filtering: Spam filters analyse content submitted in forms to detect and block spam or malicious data. By evaluating the patterns and metadata instead of challenging the user directly, this method minimises barriers for users with disabilities.
- Honeypots: Honeypots are fields in forms that are invisible to regular users but visible to bots. When a bot fills out these fields, the system recognizes it as non-human. This method is entirely transparent to users and does not interfere with user experience.
- Limited-use accounts: Implementing accounts that have limited capabilities until certain non-intrusive criteria are met can help deter bots. For example, new users might have posting limits until their account reaches a certain age or activity level, preventing spam without affecting accessibility.
Next steps in accessible website design
CAPTCHAs, while essential for security, often pose significant accessibility challenges for people with disabilities. These challenges can be mitigated to some extent by adopting more accessible CAPTCHA systems or, ideally, by utilising alternative security measures such as honeypots or computer-run challenges that do not require user interaction.
However, making CAPTCHAs accessible – or using alternatives – is just one aspect of creating inclusive websites. True accessibility contains many more building blocks, each one addressing a variety of user needs across the entire website design.
To help you become an expert in accessible website design and ensure that your site is welcoming to all users, consider exploring the courses offered by The A11y Collective.
Start “Accessible Design, the Basics” today and gain important knowledge that is needed to build more inclusive digital spaces.
Ready to get started?
Enrol in our “Accessible design, the basics” course today to learn the fundamentals of accessible design and make your website a more inclusive place for all users!