Before putting CAPTCHA on your next web form

prasanth — Tue, 04 Aug 2009 11:33:45 +0000

CAPTCHA has become common part in almost any web form now-a-days. It has become increasingly difficult to decipher the code even for extra-ordinary humans !

There are several discussions on the usability issues of CAPTCHA (here are some more). A bad CAPTCHA can bring down the number of form submissions considerably. You may lose leads, business, or contacts just because of an inappropriate CAPTCHA.

Let’s see when to use CAPTCHA (importantly, when not to use) and if at all required, how to make it easier for your visitors.

Why CAPTCHA at all?

CAPTCHA is for preventing bots from automatically submitting your form. These web bots are programs that leech through the web pages. When it finds a form, it fills the form with a spam message and submits.

Why would someone send a web-bot to submit your form? What is their gain?

If the form submission appears immediately on a web page, the spammer can get back links to his website

The examples include blog comment forms and guest books. It is important that no form submission appears immediately on a web page. It will be an open invitation to spammers. Put a monitoring system in place.

If you are providing a free service (free email, free blogs) the spammer can create several thousand accounts
The spammer expects you to read his spam message

Rest of the forms fall in the third category. This category is the least attractive to the spammer since only you see the spam message! The chances of spam submissions to this category is the least. So why bother about CAPTCHA itself?

Does your form really need a CAPTCHA?

There is no reason to attach a CAPTCHA with every form that you get online.

Design the form without CAPTCHA. Get it online!
You start getting form submissions. Take a note of the number of form submissions. (the conversion rate)
If you start getting spam submissions, attach a CAPTCHA.
Observe the drop in the number of genuine form submissions. Decide whether to keep the CAPTCHA

If you have decided to keep the CAPTCHA, try the tips below to keep it easier for your visitors.

Making a better CAPTCHA

A good CAPTCHA will keep the form submission rate high while keeping the bots away.

1. Avoid similar symbols in the CAPTCHA

There are several characters that look similar. CAPTCHA, by nature is distorted. The similarity can cause confusion.

Examples:
1(one) l(lowercase L) and I (uppercase i)
0(zero) and O and o (lowercase O)
4 and A
8 and B
6 and b

2. Password field for Captcha?

I don’t understand why some web forms have *Password field* for filling in the captcha code!

Password field, supposedly, is to prevent someone seeing the entered text ‘over your shoulder’; right?

3. Fill the form again? Oh No!

Though this is very basic, I have seen this happening at least in a couple of forms.
You fill the form, and manage to fill the CAPTCHA and submit. Bang! The form appears again and says the CAPTCHA code is wrong. That’s fine; but the entire form is cleared too!
Use Ajax to validate CAPTCHA; never make the visitor fill the form again.

4. Make it bigger

Bigger text is easier to decipher. The size of the characters doesn’t matter for the bots anyway. So make it larger.

5. No Fancy fonts please!

It is easier to decipher the code if the font is a familiar one. Use a common, non-fancy font in the CAPTCHA

6. Link to refresh the CAPTCHA.

Always give an option to refresh the CAPTCHA. In case one code is difficult, your visitors can try another one.

7. Keep it short

A 6 character CAPTCHA code is reasonable while anything more than 10 is too much!

Use CAPTCHA only when necessary. Even if you decided to have CAPTCHA, make it easier for your visitors.

Simfatic Solutions Blog » captcha