W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 2011

Re: Antw: Re: Example of accessible CAPTCHAS that work well

From: Phill Jenkins <pjenkins@us.ibm.com>
Date: Thu, 17 Nov 2011 15:49:09 -0600
To: "Mario Batusic" <Mario.Batusic@jku.at>
Cc: "Denis Boudreau" <dboudreau@accessibiliteweb.com>, "Karl Groves" <karl@karlgroves.com>, "Patrick H. Lauke" <redux@splintered.co.uk>, w3c-wai-ig@w3.org
Message-ID: <OF83B0614D.E08F3016-ON8625794B.0076FE3C-8625794B.0077DC99@us.ibm.com>
hmm,
Mario wrote: ". . . The idea is simple: in the form there is an additional 
field for this fake captcha. The field is hidden from the user in the CSS. 
. ."
Seems to me this would fail with screen readers, magnifiers, and keyboard 
users if the key board navigation still gets to the so-called hidden 
field.  I suppose one could add a negative tab-index to remove it from the 
navigation sequence, but I would like to test one out before recommending 
this alternative technique. 

Phill Jenkins, 
IBM Research - Human Ability & Accessibility Center
http://www.linkedin.com/in/philljenkins




From:   "Mario Batusic" <Mario.Batusic@jku.at>
To:     "Karl Groves" <karl@karlgroves.com>, Phill 
Jenkins/Austin/IBM@IBMUS
Cc:     "Denis Boudreau" <dboudreau@accessibiliteweb.com>, "Patrick H. 
Lauke" <redux@splintered.co.uk>, <w3c-wai-ig@w3.org>
Date:   11/17/2011 03:25 PM
Subject:        Antw: Re: Example of accessible CAPTCHAS that work well



Hi!
Short time ago I found a CMS Drupal module with a very nice captcha 
implementation. This one lets the users unbothered. The idea is simple: in 
the form there is an additional field for this fake captcha. The field is 
hidden from the user in the CSS. The normal bots ignore CSS and fill all 
fields with some garbage. If the submitted form check finds the hidden 
field filled with data, the form is discarded.
 
Ciao     Mario

>>> Karl Groves <karl@karlgroves.com> schrieb am 17.11.11 um 21:52 in 
Nachricht 
<CABScKPAcc26E5rsdZ+FpTLyLrMX4Z-9FkwUVPhYg5wPvTMrbrg@mail.gmail.com>:
The Smashing Magazine article cited by Phil and Jennifer is a good one
and one which should be shared among those who advocate for CAPTCHA.
I question whether many of the so-called alternatives are truly
alternative in security.  I think the article is honest regarding each
method's strength and weaknesses.

As a developer myself, fighting spam and abuse is an ongoing battle
that most people (even most web designers) really know little about.
I've worked with clients whose sites get 10,000 pageviews per second.
Companies like that are under constant barrage from people trying to
gain illegitimate access to their resources.  We need to keep this in
mind when discussing potential alternatives to CAPTCHA.

I'm by no means an advocate for CAPTCHA. I don't use it and never
have.  But we need to keep in mind that some so-called "alternatives"
really are not alternative in terms of security, and any proposed
alternative should offer an equivalent level of security while also
being accessible.

Karl


On Thu, Nov 17, 2011 at 2:24 PM, Phill Jenkins <pjenkins@us.ibm.com> 
wrote:
> This March 2011 article is worth reading
> 
http://coding.smashingmagazine.com/2011/03/04/in-search-of-the-perfect-captcha/

>
> several alternatives to CAPTCHAS discussed.
>
> Regards,
> Phill Jenkins,
>
>
>
>
>
> From:        Denis Boudreau <dboudreau@accessibiliteweb.com>
> To:        "Patrick H. Lauke" <redux@splintered.co.uk>
> Cc:        w3c-wai-ig@w3.org
> Date:        11/17/2011 12:39 PM
> Subject:        Re: Example of accessible CAPTCHAS that work well
> ________________________________
>
>
> Hello all,
>
> On 2011-11-17, at 12:24 PM, Patrick H. Lauke wrote:
>
>> On 17/11/2011 16:12, Ginger Claassen wrote:
>>> Regarding accessible CAPTCHAS I found a very few so far where one has 
to
>>> solve a very simple mathmatical question e.g. How much is 3 + 4?
>>> In my opinion that is quite accessible or do I oversee something here?
>>
>> Could it pose problems for users with cognitive disabilities? And
>> generally just weird out users ("why is this website asking me this?") 
and
>> require lengthy explanation? My mum would be left wondering, anyway...
>
> Not only that, but the easier those equations are, the easier bots can 
crack
> them too. So we're rapidly back to square one.
>
> /Denis
>
>
>
>
Received on Thursday, 17 November 2011 21:51:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 November 2011 21:51:14 GMT