Why CAPTCHAs don't work well

CAPTCHAs are tests (usually using images) designed to ensure a human is using a service, denying access to screen-scrapers and abusive script kiddies. Unfortunately they create usability and accessibility problems and can be circumvented. They are a flawed concept overall. Here are some links to sites discussing their use and problems:

  1. CAPTCHAs on Wikipedia
  2. CAPTCHAs are fallible
  3. CAPTCHAs are inaccessible
  4. more CAPTCHA inaccessibility discussion
  5. we can do better than CAPTCHAs

Yahoo! Mail recently presented me with CAPTCHAs before they’d even let me send an email. The messaging on the page said it was to prevent spam. Their software may have decided I was likely a spammer based on the message, because I’ve never gotten CAPTCHAs before or since from them. Another possibility is that I was randomly selected for a test. In any case the images were almost completely unreadable. It took me three tries to get through, and I’m a computer programmer – I’d think I would be better able to pass a CAPTCHA than an average user. Here are the images, in the order I saw them:

CAPTCHA 1 from Yahoo! Mail

CAPTCHA 2 from Yahoo! Mail

CAPTCHA 3 from Yahoo! Mail

I still have no idea what the first two are. Please, if you are considering using a CAPTCHA on your website, think again.

Edit: Yahoo! Mail replied to my complaints and told me they only show CAPTCHAs when their software detects someone trying to send spam. Unfortunately, their response also indicated they don’t “get it” about usability, and my comments will probably never make it beyond a customer service moron. I was really hoping someone in management would sit up and take notice, but I guess that won’t happen.

I'm Baron Schwartz, the founder and CEO of VividCortex. I am the author of High Performance MySQL and many open-source tools for performance analysis, monitoring, and system administration. I contribute to various database communities such as Oracle, PostgreSQL, Redis and MongoDB.