The death of traditional CAPTCHA and its replacement - Dr Scott Hollier, A11y Bytes Perth 2018 - PowerPoint PPT Presentation
  1. The death of traditional CAPTCHA and its replacement Dr Scott Hollier A11y Bytes Perth 2018 Technology for everyone

  2. What is CAPTCHA? • Completely Automated Public Turing test to Tell Computers and Humans Apart (CAPTCHA) • Purpose: to stop bots from abusing web forms (harvesting data, spam submissions, bulk account creation) by posing a task that only a human is expected to solve

  3. Traditional CAPTCHAs • Task: to identify a distorted set of characters from a bitmapped image, then enter those characters into a form.

  4. CAPTCHAs and web accessibility • Often impossible for people with low vision • Incompatible with screen readers, making it impossible for blind users • Assumes familiarity with the Latin (English) alphabet • Not intuitive, making it difficult for people with cognitive disabilities • Alternatives such as audio CAPTCHAs can be difficult too

  5. Traditional CAPTCHA issues

  6. Audio CAPTCHA • The expected answer format is ambiguous: do you type in ‘9’, ‘Nine’ or ‘nine’?

  7. W3C WAI APA RQTF • The Research Questions Task Force (RQTF) of the W3C Web Accessibility Initiative (WAI) Accessible Platform Architectures (APA) Working Group has researched CAPTCHAs and accessibility in order to update the 12-year-old CAPTCHA advice document (the W3C Note "Inaccessibility of CAPTCHA") • I’ve authored most of the new revision, which is currently pending approval

  8. Findings • 20% of traditional CAPTCHAs can be cracked easily • This figure is much higher when pattern-matching (OCR-style) algorithms are used • Traditional CAPTCHA solutions (visual, audio) are therefore not only inaccessible but also insecure

  9. Best practice • reCAPTCHA checkbox (“I’m not a robot”) • Federated identity (signing in with an existing account) • Multiple devices with biometrics • E-mail verification (a link sent to the address the user supplied)

  10. reCAPTCHA checkbox • The “I’m not a robot” checkbox passes most users on behavioural and browser signals (cursor movement, cookies, risk analysis) without setting them a puzzle. It works well for security and accessibility, but when the risk analysis is not confident it falls back to a traditional image or audio challenge, and that fallback is inaccessible.

  11. reCAPTCHA in action

  12. Conclusion • Traditional CAPTCHAs are not just inaccessible but also no longer secure • The reCAPTCHA checkbox is good, but its fallback challenge is inaccessible • Other mechanisms such as federated identity, multiple devices and biometrics are best practice

  13. Further information • E-mail: scott@hollier.info • Website: hollier.info • Mobile: +61(0)430 351 909 • Twitter: @scotthollier • Newsletter: newsletter@hollier.info • Book: outrunningthenight.com
