RE: Interesting CAPTCHA-related work from Google

To Jason

Thanks for the link.  Following on from the RQTF meeting I don't have much more to offer since my research of the action item a few weeks ago, but hopefully that will help contribute to the write-up.  I've included a shorter summary below.

Scott.



1)    CAPTCHA alternatives.  I've also included a brief explanation of what the alternative is that's being proposed

2)    CAPTCHA best practice: this is the literature that discusses the strengths and weaknesses of current CAPTCHA solutions.   While our focus from last week is on the first point, there's some interesting papers in the second which I suspect twill be relevant in putting forward the case as to why current CAPTCHA solutions are challenging from an accessibility perspective.

Skimming through the papers, here's a few things I thought were of particular interest:


*         Most current CAPTCHAs aren't that secure anymore with a variety of automated techniques achieving about a 20% success rate, suggesting it probably takes humans longer to figure out the CAPTCHA then it does for a computer to crack one after a few attempts these days

*         New CAPTCHA solutions generally rely on image-based solutions, e.g. visually confirming if the image is a man or woman, human or avatar, etc.  The trend would still have accessibility issues.

*         Two standout papers from an accessibility/useability standpoint in my opinion are:

o   Miller, J. & Roshanbin, N. (2016) Enhancing CAPTCHA Security Using Interactivity, Dynamism, and Mouse Movement Patterns

o   Yang, T., Koong, C. & Tseng, C. (2015) Game-based image semantic CAPTCHA on handset devices

The first looks at a pattern matching process where usability is considered, the second looks at using a simple computer game as a CAPTCHA which would have the added benefit of making it more interesting.  There's also some arguments hat the Google reCAPTCHA, the one where you click on a tickbox stating 'I am a human' is reasonably accessible.  Admittedly I find these ones the easiest to deal with personally but don't know if it is actually accessible.

Overall from an accessibity perspective it seems to me that most existing CAPTHCAs are flawed from a security perspective and there's an incorrect assumption that people are using desktop computers along with everyone online expected to  understands English text characters - and that's before we even get to access-specific issues.  While the literature here doesn't appear to have any specific access solution, I'm encouraged by the fact that several solutions have endeavoured to ensure that people can use multiple interfaces and at least acknowledge that accessibility and usability need to be considered.


[Scott Hollier logo]Dr Scott Hollier
Digital Access Specialist
Mobile: +61 (0)430 351 909
Web: www.hollier.info<http://www.hollier.info/>

Technology for everyone

Keep up-to-date with digital access news - follow @scotthollier on Twitter<http://twitter.com/scotthollier> or e-mail newsletter@hollier.info<mailto:newsletter@hollier.info> with 'subscribe' in the subject line.

From: White, Jason J [mailto:jjwhite@ets.org]
Sent: Friday, 10 March 2017 4:15 AM
To: RQTF <public-rqtf@w3.org>
Subject: Interesting CAPTCHA-related work from Google

The following article and the announcement that it cites are relevant to our discussion of CAPTCHA.
https://thenextweb.com/security/2017/03/09/googles-ai-is-so-smart-it-doesnt-need-to-ask-you-if-youre-not-a-robot-anymore/#.tnw_a5fmq504#.tnw_70AOQr4k


________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________