Re: Example of accessible CAPTCHAS that work well

Just to put my two cents in, I will describe the technique that I 
developed for comments on my blog. (Commenting is currently switched 
off, as I need to overhaul the code for security and HTML5 reasons.)

The blog software maintains a whitelist of e-mail addresses. If someone 
posts a comment and their e-mail address is known, the comment has the 
published status set immediately.

If the e-mail address is unknown, the commenter is sent an e-mail with a 
verification link. Following this link adds the e-mail address to the 
whitelist and sets the comment status to published. I then have the 
option to delete the comment and either remove or blacklist the sending 
e-mail address, if I so wish.

In the event of non-delivery of the confirmation e-mail, I can still 
review and action unpublished comments, so there is always a fallback. 
Following the link therefore expedites publication and address 
whitelisting, but there is always the fallback of manual moderation.

Note - it is my personal belief that it is reasonable to assume that 
someone interacting with a web form, as opposed to just reading content, 
should have an e-mail account.

Whether you like this method or no, my underlying message is that 
screening of form submissions should NOT involve user interaction.

I have another technique that I have applied for client work using 
cookies and Javascript. Whilst it uses client-side interaction, it is 
the user agent, rather than the user, that does the work. (For those who 
still insist on Javascript as progressive enhancement rather than as a 
given, manual verification through an administrative interface may still 
be performed, although I have not implemented this.)

Cheers

M

-- 
Matthew Smith

Business: http://www.smiffytech.com
Blog:     http://www.smiffysplace.com
Linkedin: http://www.linkedin.com/in/smiffy
Flickr:   http://www.flickr.com/photos/msmiffy
Twitter:  http://twitter.com/smiffy

Received on Thursday, 17 November 2011 20:33:13 UTC