Should We Kill The CAPTCHA?
Front End posted by CMV Blog
Do you like CAPTCHAs? Don’t lie, of course you don’t. On a fun scale, you rank them right up there with dentists and IRS agents. However, as an intelligent web designer or developer you understand that they are a necessary annoyance.
But wait, are they really? Given the collective talent and intelligence of the web design community, is a fuzzy string of letters really the best that we can up up with? If users hate these things so much, why not come up with something new? Let’s explore this idea and see if we can inject some fresh ideas into the conversation.
Are CAPTCHAs Evil?
We’ve all been there before. You’re trying to log into a website or fill out a form and you’re thrown a piece of text that looks like it was hit by a tornado and informed that you have to decipher it in order to go any further.
Some people pretend that they don’t really mind this “necessary” step, but others turn green and go into a flat out Hulk rage at the mere sight of one of these evil gateways. And for good reason, just look at the screenshot below! In prepping for this article, I went to a site that contains a CAPTCHA that I wrestle with frequently. I kid you not, this is what I found right away:
Is that not the best CAPTCHA you’ve ever seen? The first part is pretty garbled, but I could probably guess my way through it. The second part though is almost entirely outside of the visible frame! Wondering how often this happens, I hit the refresh button twice and came up with another gem:
I’m not just being a jerk here, these are literally impossible to pass. On the occasions when the blasted thing managed to get all of the letters inside of the window, I would get something like this:
Easy right? So that’s “a-t-u-t… ummm… t-e-r-i?” I feel like a nearsighted kid at the optometrist making haphazard guesses at the letters across the room. Only there’s no courtesy piece of candy granted to me at the end of this traumatic experience.
For the sake of one last laugh, a friend of mine claims to have encountered this awesome CAPTCHA a few days ago. Apparently we’ve moved past simple words and into complex equations!
Not All Bad
To be fair, CAPTCHAs aren’t really evil. They serve a very valuable purpose. Spam is the real terror at work here and CAPTCHAs are merely the best way we can think up to prevent it.
You see, there are these clever bastards out there that dream up of ways to make the world worse and in doing so they invent spam bots that crawl all over the web and generally muck things up. With CAPTCHAs, we have a supposedly simple way to make sure that users are in fact humans and not blood-sucking spam demons.
Some CAPTCHAs even go further than that and make an attempt to further the world through humanitarian pursuits. For instance, the CAPTCHAs above are a specific breed known as a “reCAPTCHA.” These CAPTCHAs actually use people as OCR scanners. As you answer the CAPTCHA, you’re helping to turn scanned books into live digital text, a noble pursuit that helps the written treasures of the past live on in the digital age.
Is This The Best We Can Do?
It’s easy to complain when we encounter annoyances like CAPTCHAs online, especially if we fail to consider the valuable function they’re performing. However, it’s not valuable to whine just for the sake of getting it off your chest. Sure, you can say that someone’s solution to a problem sucks, but can you come up with something better?
I honestly believe we can. The CAPTCHA is a great idea in theory, but in practice it sucks and we all hate it when we encounter one. Unfortunately, it seems to be the spam prevention method that the web development community has settled on. They’re extremely popular and I have seen almost no one making any solid suggestions for how to move on to something else.
My problem is not necessarily that the CAPTCHA exists, or even that it’s popular, it’s that we don’t seem to be innovating around it. Great idea folks, but let’s move onto something that sucks a little less shall we?
In light of this, I’d like to start a discussion on some alternatives that might be a little easier on a user’s state of mental heath. The following are some basic ideas that come to mind.
Random Trivia Question
Why not just ask users a question? It shouldn’t be some difficult Trivial Pursuit head scratcher but a simple query that virtually anyone who can read that language can answer with little to no effort. Here’s an example:
This is much easier to deal with than the messed up atrocities of usability that we saw above. Granted, this is a simplified example that might be possible for a computer to parse on its own (Wolfram Alpha didn’t pass my test), but I’m sure you can come up with some better questions. If every CAPTCHA presents questions like this at random, it’ll be difficult for the spam hell hounds to keep up.
Multiple Choice Image Question
The current CAPTCHA system essentially just asks you a question about an image, so let’s run with that idea, but in a different direction that doesn’t make you want to pour Mountain Dew all over your keyboard just to watch it die. Here’s a quick example that I cooked up using a multiple choice format:
photo source: Cristian Ghe
As you can see, this is an extremely easy question for a human to answer correctly. Even young children can ace this test. However, programming a computer to interpret the image is much trickier. You could make it even more difficult by using a really abstract representation of an object, perhaps a sketch or some cartoony clipart.
Simple Image Question
If you don’t like the multiple choice route for some reason, scrap it! We can still use simple images to create questions for users to answer. The example below shows how this could be done:
photo source: keepon
How many bananas? Three of course! It’s that simple. The great thing about this format is that you could have a bunch of different questions for the same image and the spam bot would never know which one is coming. How many bananas? Does the photo above contain any oranges?
You could get really creative and ask about the nature of the image: Photograph or crayon drawing? The possibilities are endless and they’re almost all easier than deciphering the examples we saw earlier in this article.
Let’s drop the image ideas for a second and go back to exploring our plain text options. What if we just gave the user a random series of instructions to carry out?
Yet again, this is very easy for a human to do but a bot would quickly become confused. Even if you increased the complexity a little here, you’d still be well in the range of something that can be done quickly and easily.
A Note on Accessibility
Obviously, as with all CAPTCHAs, these ideas would need to be tweaked and improved so that the seeing and visual impaired would have options to pursue as well.
How Would You Make a Better CAPTCHA?
I’m just riffing here, I’m not remotely a security expert. It could be that all of these ideas are horrible, and that’s great! Give me some better ones! All I’m seeking to show is that we can and should be moving on past the annoying solution that our users hate by developing alternative methods that are easier, more fun and just as effective.
Now that you’ve seen some of my crazy ideas for killing the CAPTCHA and beating spam bots, I want to hear yours! Maybe you want to make CAPTCHAs fun and turn them into a game, or eliminate them completely in favor of some other type of security measure. Speak up and make the web suck less.