W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > January to March 2017

RE: example of accessible captcha? [SEC=UNCLASSIFIED]

From: MULLEN,Ross <Ross.Mullen@employment.gov.au>
Date: Tue, 31 Jan 2017 23:35:39 +0000
To: Karen Lewellen <klewellen@shellworld.net>, Adam Powell <adam@adaminfinitum.com>
CC: David Best <davebest@cogeco.ca>, WAI Interest Group <w3c-wai-ig@w3.org>
Message-ID: <7405ec6168ad42c9b01fe9033c13c08c@NPRIEXN600s03.nation.radix>

Hi Karen,

The approach we've been researching is layered security. Using the honeypot method combined with email verification (asking the user to click a link) combined with checking how quickly a form was submitted. If one of those layers is breached there are another two acting as other checks.

Google's ReCaptcha mechanism is great until it detects unusual user behaviour and it reverts back to the terrible audio or image challenges, so we make recommendations to avoid using it altogether.


-----Original Message-----
From: Karen Lewellen [mailto:klewellen@shellworld.net]
Sent: Wednesday, 1 February 2017 9:57 AM
To: Adam Powell
Cc: David Best; WAI Interest Group
Subject: Re: example of accessible captcha?

Hi Adam,
Your example is really terrific.
But Pooh,  who came  up with the term Honeypot  for the "leave this field blank," concept?
Frankly I like those best of all, hey if you are human just ignore this space.
I dare say the combination logic / honeypot creates a strong level of security.  Will provide your  example  to those asking as well.

On Tue, 31 Jan 2017, Adam Powell wrote:

> Hi All,
> This page has one on a contact form I created:
> http://abacusadvertising.com/contact/

> It's similar to the examples above in that it uses logic and text but 
> I have given it my own twist in that I use a question about coin 
> denominations.
> I wouldn't use that exact example on sites I expected would get 
> international traffic, "dime" is probably not clear to non-native speakers.
> In those cases I usually use something like "thirteen if you take away six"
> or "19 minus twelve leaves"
> I used a WordPress plugin called Ninja Forms and one of the things I 
> really like is when you add an "anti-spam" field to a form, it allows 
> the form author to create any question they want and then provide any 
> correct answer they want so it gives a lot of flexibility in making 
> language/logic based captchas. You could use it to implement any of 
> the techniques on this thread.
> That form also has a honeypot (field that's hidden with CSS or JS) 
> which is a great way to fight spam. It has a label telling users not 
> to fill it in so it should be accessible as well.
> That combination is really effective at fighting spam but doesn't seem 
> to cause people problems.
> Hope that helps.
> ​Adam Powell
> http://www.adaminfinitum.com​

> On Tue, Jan 31, 2017 at 4:07 PM, David Best <davebest@cogeco.ca> wrote:
>> Karen, check out the following websites:
>> User account | Alliance for Equality of Blind Canadians 
>> http://www.blindcanadians.ca/user/register

>> Contact Us | T-Base Communications
>> http://www.tbase.com/webform/contact-us

>> Accessible University Mock Site - Accessible Version 
>> http://www.washington.edu/accesscomputing/AU/after.html

>> David
>> -----Original Message-----
>> From: Karen Lewellen [mailto:klewellen@shellworld.net]
>> Sent: January 31, 2017 02:11 PM
>> To: w3c-wai-ig@w3.org
>> Subject: example of accessible captcha?
>> Greetings all,
>> I seek a site that uses a captcha which does not involve an image.  
>> by which I mean one using a math problem, or some other  interaction 
>> that differs from the letter number things often used.
>> Ideas?
>> Thanks,
>> Karen

The information contained in this email message and any attached files may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient, any use, disclosure or copying of this email is unauthorised. If you received this email in error, please notify the sender by contacting the department's switchboard on 1300 488 064 during business hours (8am - 5pm Local time) and delete all copies of this transmission together with any attachments.
Received on Tuesday, 31 January 2017 23:36:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 31 January 2017 23:36:48 UTC