CAPTCHA if you can

Internet security is always top of the agenda and new security technology is continually being released. Although first coined in 2000 CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) technology has only really become more prominent over the last couple of years. CAPTCHA attempts to distinguish between a computer and human by asking you to type in some hard to decipher random characters represented by an image, the idea being that any automatic spamming bots can’t figure out what the characters are (through image recognition) so therefore can’t register/log in to spam the website in question. It’s more of a reverse turin test because the Computer is testing the human rather than vice versa.

An example of a CAPTCHA image, courtesy of Wikipedia.
A CAPTCHA Image - Thanks Wikipedia

Certainly this is a clever solution to the problem of spamming and mass automated marketing but does it work? Well, no solution can be 100% secure and as some research at Simon Fraser University (Vancouver, Canada) suggests CAPTCHA is certainly not.

There are of course both usability and accessibility issues with CAPTCHA. Audio versions of CAPTCHA try to allow users who are visually impaired to pass the “test”. Though there is some debate as to how effective these are due to the background noise required to prevent audio recognition.

My personal experiences of CAPTCHA aren’t all that great; sometimes I have found the characters completely undecipherable and have had to refresh the image (where this is available) until something I can understand is displayed.

I sympathize with the websites as I can see why they are using CAPTCHA, after all who would visit a forum which had been completely overrun with marketing spam? However, is it worth potentially alienating or frustrating users of your site? After all, it is the website (a potential business) which should be convincing the user (a potential customer) to register and potentially spend their money there. Not the user which should be convincing the website that they are suitable to use the website. If a website annoys someone and isn’t usable then they’ll simply go somewhere else. With more and more advanced spam detection available websites should be employing a system which combines automatic detection with pre-post moderation to prevent mass-marketing/spamming.