It’s time to get rid of CAPTCHA

April 16, 2016

Get rid of CAPTCHA

 

Humans build computers and interact with them to simplify their lives. Computers show promise. But, somewhere along the line, during the interactions, the computers begin to get confused between humans and fellow computers. To counter this, the computers decided to ask humans to identify themselves since they felt it is easier to do so than to recognize their brothers with sinister intentions. And voila, we have captcha!

What an irony. We are being asked by a machine to prove ourselves that we are what we are, humans. And believe me, we built this to humiliate ourselves. My argument – why can’t the computers conduct tests on bots and take decisions rather than asking humans and annoy them?

Though they form a good spam-shield, captchas can get very annoying when it comes to their presence in the most unexpected areas like payment confirmations and ticket reservations. What we are forgetting is, under the veil of security we are jeopardising something called as User Experience. Let me try to explain with an example. irctc.co.in is a ticket booking website of Indian Railways. As part of a personal study, I wanted to understand how people react to the presence of captchas on this site. Here is the gist.

  • An overwhelming majority of the users do not know why such checks are needed. Out of 22 people I spoke to, just one person knew the ‘real’ story of captcha.
  • A few felt that it was some weird ‘test’ they must pass to book tickets. On top of it, they found it ridiculous because the answer for the test is right there to see!
  • All of them wanted to get rid of such checks because they induce a degree of panic. Panic? Yes, IRCTC’s website gets flooded with booking requests every second. You must feel lucky if you succeed in booking tickets during peak hours. In such a mad rush, just imagine not being able to book tickets because of a stupid reason like failing to identify and enter exact text – awful. You have money, and there were empty seats to book but you couldn’t because of your failure to get through the captcha.
    Don’t be surprised if I mention that there is a blog post that was written with a noble intention to help fellow passengers on how to interpret IRCTC’s captchas!

[Probably IRCTC heard from their users; they have readable captchas now instead of the evil distorted pictures. Blessing in disguise?]

I think it is very much the time to kill captchas and start building something that can thwart the bot attack. The need is even more significant because Vicarious, a San Francisco-based startup, showcased that captchas could be cracked!

While the tech community finds a viable solution to this menace, I would suggest designers to find ways to avoid captchas consciously and not to treat them as fancy tech toys. One must strategically assess the need of a captcha based on the context and usage patterns, before proceeding. Even then, I would advise choosing a less painful approach, like a slide-to-submit button (not an ideal solution for keyboard-only users) OR a phone-based verification OR honeypot captchas (based on hidden fields). Whatever might be the alternative, one must perform a bunch of usability tests and proceed if the results are favourable. Let users feel that they are respected.

 

 

Leave a Reply