A Time and Place for CAPTCHAs
Sadly, we still live in a web world where we need to protect our sign-up, contact and registration forms with anti-spam technologies like the dreaded CAPTCHA.
On paper, the Completely Automated Public Turing Test To Tell Computers and Humans Apart is a good idea. The technology helps site owners differentiate between real humans and bots/code that can read these types of codes and gain access to services, where they can most often be used for spamming and other nefarious purposes.
If you ran a blog or forum, and need to tell humans from bots, then CAPTCHAs are great. But for users, CAPTCHAs are annoying, not to mention barely accessible.
They are difficult to use, in any form. Whether typing in squiggly numbers, or picking out the kitty cat in a choice of photos, or dragging the logo into a box, they are hard for users to understand and successfully use.
I had an experience today with CAPTCHAs that left me stunned.
My healthcare provider is transitioning to a new health charting and messaging system. In order to register for the site, I have to offer a large amount of information about myself, including address, email, full name, birthdate, and most critically — my medical record number, unique to me.
At the bottom of this form was a CAPTCHA.
Why was there a CAPTCHA? Filling out this form didn’t grant me automatic access, it only registered me into the system. I assume once in there, my information would be checked and only then would I receive yet another piece of information — a registration code, I would use on yet another form.
A good rule of thumb for CAPTCHAs: if you’re asking for information in any detail that you will use to compare to existing data to prove an identity, you don’t need a CAPTCHA.
If you need only a small amount of information that is difficult to verify, such as a social network, then by all means use a CAPTCHA.
Creating bank account: no CAPTCHA.
Creating forum account you plan to use to troll n00bs: CAPTCHA.
Buying tickets to a concert? Annoying, but ok, CAPTCHA.
Think about the users. Please.
Originally published at highedwebtech.com.