W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 2011

Antw: Re: Example of accessible CAPTCHAS that work well

From: Mario Batusic <Mario.Batusic@jku.at>
Date: Thu, 17 Nov 2011 22:22:25 +0100
Message-Id: <4EC5892102000013000A6D09@gwia1.im.jku.at>
To: "Karl Groves" <karl@karlgroves.com>, "Phill Jenkins" <pjenkins@us.ibm.com>
Cc: "Denis Boudreau" <dboudreau@accessibiliteweb.com>, "Patrick H. Lauke" <redux@splintered.co.uk>,<w3c-wai-ig@w3.org>
Hi!
Short time ago I found a CMS Drupal module with a very nice captcha implementation. This one lets the users unbothered. The idea is simple: in the form there is an additional field for this fake captcha. The field is hidden from the user in the CSS. The normal bots ignore CSS and fill all fields with some garbage. If the submitted form check finds the hidden field filled with data, the form is discarded.
 
Ciao     Mario

>>> Karl Groves <karl@karlgroves.com> schrieb am 17.11.11 um 21:52 in Nachricht <CABScKPAcc26E5rsdZ+FpTLyLrMX4Z-9FkwUVPhYg5wPvTMrbrg@mail.gmail.com>:

The Smashing Magazine article cited by Phil and Jennifer is a good one
and one which should be shared among those who advocate for CAPTCHA.
I question whether many of the so-called alternatives are truly
alternative in security.  I think the article is honest regarding each
method's strength and weaknesses.

As a developer myself, fighting spam and abuse is an ongoing battle
that most people (even most web designers) really know little about.
I've worked with clients whose sites get 10,000 pageviews per second.
Companies like that are under constant barrage from people trying to
gain illegitimate access to their resources.  We need to keep this in
mind when discussing potential alternatives to CAPTCHA.

I'm by no means an advocate for CAPTCHA. I don't use it and never
have.  But we need to keep in mind that some so-called "alternatives"
really are not alternative in terms of security, and any proposed
alternative should offer an equivalent level of security while also
being accessible.

Karl


On Thu, Nov 17, 2011 at 2:24 PM, Phill Jenkins <pjenkins@us.ibm.com> wrote:
> This March 2011 article is worth reading
> http://coding.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha/
>
> several alternatives to CAPTCHAS discussed.
>
> Regards,
> Phill Jenkins,
>
>
>
>
>
> From:        Denis Boudreau <dboudreau@accessibiliteweb.com>
> To:        "Patrick H. Lauke" <redux@splintered.co.uk>
> Cc:        w3c-wai-ig@w3.org
> Date:        11/17/2011 12:39 PM
> Subject:        Re: Example of accessible CAPTCHAS that work well
> ________________________________
>
>
> Hello all,
>
> On 2011-11-17, at 12:24 PM, Patrick H. Lauke wrote:
>
>> On 17/11/2011 16:12, Ginger Claassen wrote:
>>> Regarding accessible CAPTCHAS I found a very few so far where one has to
>>> solve a very simple mathmatical question e.g. How much is 3 + 4?
>>> In my opinion that is quite accessible or do I oversee something here?
>>
>> Could it pose problems for users with cognitive disabilities? And
>> generally just weird out users ("why is this website asking me this?") and
>> require lengthy explanation? My mum would be left wondering, anyway...
>
> Not only that, but the easier those equations are, the easier bots can crack
> them too. So we're rapidly back to square one.
>
> /Denis
>
>
>
>
Received on Thursday, 17 November 2011 21:23:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 November 2011 21:23:27 GMT