COGA (accessibility for people with cognitive disabilities) Issue Paper: Web Security Technologies: CAPTCHA

Description of the Technology

CAPTCHA is typically a website widget that prevents automated programs from submitting a web form intended for humans by requiring humans to pass a test. Such tests present distorted text visually and/or aurally; and require the form-submitter to enter that text into a field, and invoke a submit button.

Challenges for People with Cognitive Disabilities

CAPTCHA often blocks people with cognitive and/or physical disabilities who cannot discern the text they are required to enter and submit. The scope of the problem is vast because, for example, people with disabilities are prevented from purchasing goods and registering for services on the millions of websites that use CAPTCHA.

Effect of memory impairments

People with cognitive disabilities:

• may have to look at or listen to presented text several times to copy it into the CAPTCHA form field
• may not recall steps needed to complete a CAPTCHA if an authenticated session expires.
• may not become accustomed to CAPTCHA because there are multiple versions of it

Effect of impaired executive function

People with cognitive disabilities may not:

• complete the multi-step procedure for submitting the CAPTCHA text
• complete a timed CAPTCHA due to slowness in completing all steps
• complete a CAPTCHA even if it provides multiple opportunities to do so
• enter characters in the correct order
• be able to determine the purpose of CAPTCHA sufficiently or at all

Effect of attention-related limitations

People with cognitive disabilities may not focus due to:

• irrelevant instructions, such as "stop spam" and "read books"
• presentation of multiple options, such as "Refresh", "Listen", and "Help"

Effect of perception-processing limitations

People with cognitive disabilities may not:

• read CAPTCHA text at all because of the intentional distortion of it
• comprehend text that can't be enlarged without additional distortion
• understand the purpose of buttons such as reset, listen, and help
• recognize functional elements, such as buttons, are clickable
• understand text spoken in a computerized and distorted voice
• recognize characters if they do not form words, or are shown in different fonts/styles

Effect of reduced knowledge

People with cognitive disabilities:

• may not have the advantage of comprehending the meaning of words or images

Proposed Solutions

Criteria for CAPTCHA Redesign, or for CAPTCHA-like Alternatives

• Provide text alternatives that identify and describe the purpose of the non-text content.
  • See WCAG 2.0 Guideline 1.1.
• Turn off or adjust time limits, including allowing continuation of activity without reauthentication.
  • See WCAG 2.0, Guideline 2.2.
• Help users avoid and correct mistakes.
  • See WCAG 2.0, Guideline 3.3.

Alternatives to CAPTCHA

• CAPTCHA-less Security, Karl Groves, April, 2012.
• Spam-free accessible forms, WebAIM, Utah State University, March, 2007.
• Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web, World Wide Web Consortium, November, 2005.
• A honeypot that is:
  • an input field
  • hidden using CSS
  • labeled with a field name atypical of forms
  • clearly identified with instructions, for AT users, and for others whom have disabled CSS, not to fill it in
  • checked to determine if something was entered
  • used to reject a submission if something was entered

Note: The honeypot-field solution will not work for popular websites because spammers will likely expend the effort to defeat it.