I hate CAPTCHA! Doesn’t everyone? Including your prospective customers? Is CAPTCHA hurting your website conversions? Probably…

Type “I hate CAPTCHA” into the Google search box and you’ll find over 30,000 web pages that contain that exact phrase. Entering “CAPTCHA sucks” shows over 19,000 web pages ranting about it. I’m certain many more people hate it, too, but they either don’t know what it’s called, don’t know how to spell it or don’t do web rants. You can bet they are frowning at their PC monitors whenever they are presented with one, though. And if you find CAPTCHAs difficult to solve, think about the effect they may have on your coke-bottle-glasses-wearing grandpa.
If you type “impossible CAPTCHA images” into the Google search box, you’ll find 638,000 examples of CAPTCHA images that humans have labeled as impossible. While some of them don’t really look hard to solve, you will be simply amazed by others. Here are just a few examples:

Here’s a link to other unbelievably crazy CAPTCHAs found in the wild by Ann Smarty.

It’s annoying and frustrating to be slowed down by jammed-together, slashed-through, distorted, blurred and otherwise obfuscated letters while I am trying to use a tool or make a comment or submission of some kind. I realize that website owners need to protect themselves from automated spam, but in way too many cases these visual puzzles are a barrier to humans, as well as to bots. What do you think this one says? (I have no idea!)

Some sites, like Yahoo, use fairly simple versions of CAPTCHA – 5 or 6 letters and numbers that are usually, but not always, decipherable on the first try. On the other hand, I often find myself cussing and squinting at the Google CAPTCHAs, which seem to keep getting longer and more complex and confusing.

The now-ancient search engine Alta Vista began working on a solution to automated spam submissions in 1997. (Remember when SEOs used to submit to a bazillion search engines every month?) In 2001, they received a patent for CAPTCHA. By 2002, Alta Vista reported “add url” spam had decreased by over 95%. Yahoo was one of the early adopters of CAPTCHA, as it attempted to thwart the creation of spam Yahoo email accounts by bots.

The term CAPTCHA was coined by researchers at Carnegie Mellon University and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” Wheeew!

Effective CAPTCHA must defend against dictionary-based attacks – where the bots try every word in the dictionary – and also against computer image attacks – where the bots attempt to read and replicate the letters and numbers in the image field. Some of the early techniques for doing so included letter strings that form words unpronounceable in English, and image masking. Some of the modern versions use these two techniques together to thwart spammers.

Some websites can keep most of the spammers out by using simple, more human-friendly forms of CAPTCHA. Examples are easy mathematical questions, like “How much is 2 plus 3?”, or real-life questions, such as “What color is celery?” or “What’s a three letter synonym for canine?” Strive for a similarly simple way to keep spammers from causing havoc on your website, if you can. In other words, don’t use a sledgehammer where a light tap will do.

However, if you have a very popular site, you may find yourself the victim of more sophisticated attacks. Nearly every type of CAPTCHA puzzle has been broken at one time or another, so your web team may regularly have to step up its defense efforts with tougher and tougher security weapons.

One particularly diabolical and effective method of breaking CAPTCHA codes is to relay them to super-cheap off-shore workers who are paid by the number of CAPTCHAs they solve. The going rate is rumored to be under $2 per thousand, which certainly sounds more cost-effective than building CAPTCHA-circumventing software. It’s also incredibly difficult to protect yourself against.

Audio alternatives, where you hear something and are expected to type it into the CAPTCHA solution field, are also frustrating and annoying. Many times you cannot understand what is being said and in other cases, you are expected to type 7-8 words into a box.

There have been plenty of efforts to make CAPTCHA less of an obstacle for humans and more of an obstacle to bots, with photo images, audio, JavaScript, data hashing, invisible-to-human CAPTCHA fields (if it gets filled out, it must be a bot) and other weirder types like this one developed by researchers at the State University of New York that mimics human handwriting. Unfortunately, it mimics illegible human handwriting. Maybe they could just use doctors’ signatures?
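As an added illustration (not code from the original post), here is one way a server could combine three of the lighter-weight ideas mentioned in this article: an invisible honeypot field, a simple arithmetic question, and a hashed answer token so the correct answer never travels to the browser. The field name `website`, the time limits and the in-memory secret key are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
HONEYPOT_FIELD = "website"            # hypothetical field, hidden from humans via CSS
MAX_AGE = 600                         # seconds a challenge stays valid
MIN_FILL_TIME = 2                     # faster submissions are treated as automated


def _sign(answer: str, issued: int) -> str:
    """Keyed hash binding the normalised answer to the issue time."""
    msg = f"{answer.strip().lower()}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, hidden form fields); the answer is never sent."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    hidden = {"issued": str(now), "token": _sign(str(a + b), now),
              HONEYPOT_FIELD: ""}
    return f"How much is {a} plus {b}?", hidden


def check_submission(form, now=None):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    now = int(time.time() if now is None else now)
    if form.get(HONEYPOT_FIELD, ""):
        return False, "honeypot filled"      # humans never see this field
    try:
        issued = int(form.get("issued", ""))
    except ValueError:
        return False, "malformed timestamp"
    age = now - issued
    if age < MIN_FILL_TIME:
        return False, "submitted too fast"
    if age > MAX_AGE:
        return False, "challenge expired"
    expected = _sign(form.get("answer", ""), issued)
    # Compare as bytes so arbitrary user input cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), form.get("token", "").encode()):
        return False, "wrong answer"
    return True, "ok"
```

A token stays replayable until it expires, so a site that sees repeated submissions should also record used tokens server-side. Logging the rejection reason alongside form abandonment shows whether the check is stopping bots or people.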

If you use CAPTCHA on your site, it is most certainly an obstacle to goal completion. Measuring the abandonment rate of the pages that require CAPTCHA should give you a sense of just how it is affecting your conversions. I’ve seen estimates that as many as 25% of solutions fail on the first try and that up to 10% of potential customers presented with a CAPTCHA simply give up and move on without completing it.

If you have an online banking site or an application that’s juicy bait for spammers, you need sophisticated spam prevention and probably can’t avoid frustrating your users to some extent. But if you don’t really need top-level security, consider using something simpler or try eliminating CAPTCHA altogether to see what effect it has on website conversions. If you must use something, try to imagine a test that could be fun (or not quite so annoying) for your visitors, like the test on this electronics site and the simple CAPTCHAs beneath it:

