The Usability of Captchas

So it's clear that we need a solution, but are Captcha fields the right answer?
UX article - The Usability of Captchas

If you've managed an online contact form or a blog with comments then you'll be well aware of why Captcha fields came along. Spam bots are released onto the web and like sentinels to find forms and comment fields leaving web masters with loads of unusable data. Spammed data can often outnumber legitimate data in magnitudes greater than 20:1.

So it's clear that we need a solution, but are Captcha fields the right answer?

Issues with Captcha fields

Captcha's are difficult to decipher.

You're probably thinking “No kidding”. It's ironic that as human centric designers we constantly aim to improve the efficiency and usability of our sites in order to increase conversions, however we often end up having to place a gigantic hurdle in our forms.

Captcha's annoy users


A large portion of people browsing the web may not even know why we use captchas and may become irritated at the implication of being untrustworthy.  

The burden is put on legitimate users.

In order to secure our sites from spam, we're actually penalising legitimate users that we want using our services.

Captchas have accessibility problems

People with lowered vision or potentially even intellectual disabilities will have an even harder time with captchas. Audio captchas are also known to be more difficult than image captchas.

Captchas can create culture barriers


Captchas may be difficult for foreigners to decipher.


While some of the alternatives below may not address each of the issues above, they may make life just a little more pleasant for your users.

Honeypot validation

The honeypot method avoids the user having to complete any potentially painful captchas during completing of forms. Basically a hidden form field is coded into the page to trick the spam bot. Since spam bots typically only consume the HTML code of the page they are not aware that this field is hidden. If the hidden field is has data in it when the form is submitted, the validation step will determine that only a spambot could have entered the data in this field and therefore the submission is discarded.

While this sounds like and ideal solution in theory, in practice accessibility screen readers will still identify the field and so impaired users are likely to enter data and cause the form to fail.

Time validation

Spambots Typically complete forms much faster than humans. With this in mind your site can determine how long it took to complete the form and then determine if this speed is humanly possible.

This method can also fail if form data is pre-filled by browser auto-complete services. A possible way around this might be to only show a captcha if your site assumes the data was entered by a bot. This will save the majority of your users from ever seeing it.

Verified Sign in

If your form is related to member registration, you can also use a login service from other accounts like Google, Facebook, Twitter etc. If implementing a number of different login services seems problematic, you can also consider using a profile management provider like Janrainwhich can connect through multiple services.

Make Captchas entertaining

If all else fails and you find that captchas are the only method that will work for you, you might as well make them a little more fun for you users. AreYouHuman offers simple games that the user must complete as opposed to trying to decipher text. Naturally there are accessibility concerns with this method though.

Other possibilities include asking a simple question like “what is 1+1” or forcing captchas to only use dictionary words to make them easier to decipher.