CAPTCHA

Avoid using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) as a website’s first defence against computer bots submitting forms.

Meeting the Web Accessibility Standard

If non-text content is used as a CAPTCHA and the following are both provided, this meets WCAG 2 Success Criterion 1.1.1 Non-text Content (Level A):

a text alternative that identifies and describes the purpose of the non-text content
alternative forms of CAPTCHA using output modes for different types of sensory perception to accommodate different disabilities.

What is CAPTCHA?

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

Its purpose is to distinguish a human user from a computer by challenging the user with a test that a human can solve, but a computer cannot. This is to stop computer bots submitting forms, such as login, email or comment forms.

A CAPTCHA might take the form of:

an image presenting a word or string of characters that is difficult to decipher visually
A collection of images where the user is to identify all those images showing the same common object — for example, traffic lights
a simple logic-based language or mathematical question — for example, ‘Is ice hot or cold?’ or ‘What is 2 + 3?’.

There are many types of CAPTCHA, but image-based CAPTCHAs are the most common.

As computer bots get more sophisticated, CAPTCHAs are becoming more complex or difficult to solve, even for human users.

CAPTCHA accessibility concerns

All CAPTCHAs introduce some kind of usability hurdle and many also present significant accessibility barriers.

Most CAPTCHAs block access to one or more type of user, including those that use more than one modality, such as an image CAPTCHA for the sighted and an audio CAPTCHA for the vision impaired.

Examples of how CAPTCHA blocks access to some users

Version 2 of Google’s popular reCAPTCHA service checks a user’s behaviour and, if this is suspect, it presents sighted users with an image challenge, and vision-impaired users with an audio challenge. However, this service blocks access to people who are deaf-blind.

For more, see reCAPTCHA v2 — Google Developers.

CAPTCHAs that involve logic or language questions may be extremely difficult for some users with reading or learning impairments, or English as a second language.

For more about accessibility issues when using CAPTCHA, see Inaccessibility of CAPTCHA — W3C.

Best practices for using CAPTCHA

If a CAPTCHA that requires user interaction is deemed necessary, make the test as easy as possible.

Score-based reCAPTCHA v3

Version 3 of reCAPTCHA returns a score based on the user’s interaction with the site. A low score indicates a likely bot, at which point the site owner can decide how to respond. For instance, the site might ask the user to perform one of 2 methods that can be made 100 % accessible to all users:

2-factor authentication
email verification.

For more, see reCAPTCHA v3 — Google Developers.

Image-based CAPTCHAs

If an image CAPTCHA is used, provide:

a text alternative that identifies and describes the purpose of the image, and
alternative forms of CAPTCHA using output modes for different types of sensory perception to accommodate different disabilities.

For more details and help with this, see the following WCAG guidance and techniques:

Non-CAPTCHA approaches

Given the accessibility issues with CAPTCHAs, avoid them where possible and instead implement alternatives to prevent or reduce the submission of forms by bots while minimising barriers to disabled people.

For alternatives to CAPTCHAs, see State-of-the-art Approaches — Inaccessibility of CAPTCHA — W3C.

Testing CAPTCHA

With any type of CAPTCHA, ensure that it uses output modes for different types of sensory perception in order to accommodate different disabilities.

For an image-based CAPTCHA, ensure that a text alternative is provided that describes the purpose of the non-text content.