To CAPTCHA or Not to CAPTCHA, That is The Question? | npENGAGE

To CAPTCHA or Not to CAPTCHA, That is The Question?

By on Sep 18, 2012

Tagged:

Nonprofit Website

CAPTCHA stands for (Completely Automated Public Turing test to tell Computers and Humans Apart).

CAPTCHA for Nonprofits

The CAPTCHA program is able to protect websites because computer programs cannot read or understand distorted text the way a human can. The purpose of CAPTCHA is to create a positive online user experience during the transmission of sensitive data like logins, registrations, email or online payments.

However, there are many instances where the program can also unintentionally work against the user experience.

How does CAPTCHA work?

The use of CAPTCHA requires the user to type letters or numbers or combination of the two from a distorted image that appears on the web page. These images are automatically generated by the program on the screen for the purpose of blocking malicious programs because computer programs cannot interpret or translate images.

For this reason, the security benefits of CAPTCHA include: 

  • website registration protection
  • e-mail address protection
  • prevention of comment spam
  • protection of donation forms
  • protection of e-commerce transactions
  • protection of user logins

From the user experience, challenges can include:

  • jumbled letters and numbers
  • unrecognizable punctuation and characters
  • distracting lines that make letters and numbers hard to see or read
  • colors and print text that are hard to understand
  • automated questions the user may not know the answer to
  • math or logic equations that are beyond the users knowledge
  • user gives up trying to figure it all out and leave the site

Many of the above mentioned challenges can cause unwanted frustrations, distractions, and delays for users. Some will attempt to reload the CAPTCHA in hope of being able to figure out the next display and for some multiple reloads may be needed just to find that one they can read or understand just so can they submit.

Such delays for most will be considered frustrating and in turn will be viewed as a bad user experience. Frustrating experiences online can product loss of supporters, donors, and ultimately revenue.

How will I know if CAPTCHA is right for my website?

There is no right or wrong answer to this question, some CAPTCHA programs are better than others, but none are perfect. With that said I recommend gauging your audience.

In other words, take a review of who your community of users are. Is your community of the younger generation or of the senior generation? Or is your audience a combination of the two? Are your community of users web or tech savvy or not really? Do you anticipate any users that may have visual impairments where reading of the letters and numbers will be difficult for them? Do you anticipate users that will have language barriers? Will CAPTCHA be a barrier of hassles between you and your online community? And on the other side of the spectrum, you have to look at, what your experiences as the administrator have been.

For example, have you suffered fighting against spam, bots, or hacker attacks?

These are just a few of the variables that you will need to consider as well as those that can create potential challenges for your users and your website. Ultimately, you will need to decide what are my primary objectives? Am I trying to create a user-friendly online community? Or is my focus and priority security? How important is one versus the other and what will that mean for my online environment?

Weigh your options. Look at the pros and cons. Ultimately, the choice is yours. To CAPTCHA or not to CAPTCHA, that is the question.

Are you using CAPTCHA already? How has your use of CAPTCHA impacted your online presense?

 

ABOUT THE AUTHOR

Comments (10)

  • JP says:

    I like the idea of using CAPTCHA to filter out spam. However, what I don’t like is the way it’s sometimes implemented. The distortion is often so bad that I have to refresh the text multiple times before I get one that’s legible enough to type in. However, there’s a new version called New CAPTCHA that uses three upper case block letters that wiggle back and forth. It’s *so* much better from a user stand point. At times, I’ve gotten so frustrated with some CAPTCHA programs that I stop accessing certain web pages that use it. In those cases, I would call that a fail if it ends up losing you readers.

    • Crystal Watts says:

      Frustration, is definitely not the response wanted by most web administrators. When faced with such, many and myself included, will just seek other options and/or websites that offer easier solutions to accomplish the same tasks.

  • Guest says:

    I find that alternatives like this picture-based approach to CAPTCHA work much better and are much easier for people to use than the jumbled letters:
    http://www.confidenttechnologies.com/products/confident-captcha

    • Crystal Watts says:

      Picture based alternatives are a nice change. Most people wouldn’t mind making a picture selection on submission. In fact, these options are in use by many online banks.

  • John says:

    Another great alternative is Are You a Human
    http://www.areyouahuman.com

    They use quick simple games that are really fun

    • Crystal Watts says:

      Hi John,

      Yes, this is definitely an alternative; however, we need to consider the not so playful users as well. Some can be turned-off or could even devalue the site if forced to play a game before submission.

    • Bjorn Karlman says:

      Thanks John…

  • I would be more in favor of CAPTCHA if it wasn’t so crazy-makingly annoying to use.. the jumbled / illegible letters you mention are, at times, genuinely horrible.

    What are some other ways to prevent spam that you recommend?

  • depending on how complex/secure the CAPTCHA script is, the answer can also be sniffed out by a script or bot. The image itself is delivered using a randomly generated code, but many times the code is embedded in the tag itself. So if you know where to look, you can fool the form into thinking you’re human.

    Another approach I’ve seen used is to have a verification question, like “10+4=___” and this equation can change each time. Much easier on the eyes, and just as (if not more) effective because the answer can be stored outside the web page.

    Last approach, which would be more appropriate for longer forms, is to include the CAPTCHA or verification code on a confirmation page of the form BEFORE it’s submitted. The two-step process is clearly more complex for the user (which is why I recommend it for longer forms), but the trade-off is that it will most definitely curtail automated scripts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Updates

Get nonprofit articles, best practice advice, fundraising ideas and invaluable industry reports and webinars delivered for free!