|
Bloor helps ITA do it better than Google
 |
By: Peter Abrahams, Practice Leader - Accessibility and Usability, Bloor Research
Published: 2nd March 2006
Copyright Bloor Research © 2006
|
 |
Security versus accessibility should not be a battle, they should both win. This is not the case when trying to set up a Froogle merchant account. Go to Google, click on Froogle, then information for merchants and finally get started. You are presented with a standard form to fill in. The form looks OK (even if it fails the HTML validator) and is well laid out, until you come to the word verification section.
Google, like many other sites, including this site, want to ensure that there is a real person filling in this form, sitting at a real terminal, and not some automated robot with some undesirable intentions. So the form includes an image such as the following:
with some letters included in it that can be read by anyone with reasonably good eyesight. A robot cannot see or read these so if the user can type them into an input field Google can be certain that there is a person typing them in and not a robot. This check is essential to Google otherwise they could be flooded with spurious and malevolent attacks.
However the problem is that if the robot cannot read the image nor can a screen reader and therefore anyone with a visual impairment will not be able to complete the form.
Google has recognised that this is a problem morally, financially and legally and have put a little wheelchair sign (not the most appropriate sign for a specifically visual impairment problem) by the side of it. Clicking on the wheelchair pops-up a new window without telling you that it is going to do that (also not good accessible design). The pop-up asks you to click for more information and there you are told to send your email address so they can provide you with an alternative method of verification. At this point some people will give up and not bother to send the email. Others will send the email but probably never try and go through the process. Even those who do persevere will do so grudgingly and with a continuing bad taste in their mouth about Google (see the petition at www.blindwebaccess.com ).
All of this is unnecessary, as IT-A and IT-D have proved, with the help of the Bloor Research Accessibility Practice. Go to the bottom of this article and click on ‘post comment’. In the form you will see a similar image with characters in it. The difference is if you click on the image a window will open up (you will be told that is going to happen) and then it will play a wav file that reads out the characters (so the above would say Lima-Indigo-Tango-Uniform-Alpha-Lima-Indigo). One of our blind users has tried this out and said ‘it is very good’.
Our web team deserves a big round of applause for setting this up. Now all we have to do is to shame Google into fixing their site.
Sorry, we are no longer accepting comments on this item. We suggest trying to contact the author directly.
2nd March 2006: 'Laurence S' said:
This doesn't work on Linux or MacIntosh - isn't that discrimation in it's own right? Hardly a solution, more of a &^87 up.
Reply to Laurence S?
2nd March 2006: 'anonymous' said:
captcha images are a pain to anyone, not just the blind. get rid of them they are not needed. captchas only mask poor form validation and bad code.
Reply to anonymous?
21st March 2007: 'Jack' said:
Obviously you've never run a free email service, and therefore have no experience of the pains that spammers can cause you. I am filled with rage at your comment and feel the need to tell you to die.
Reply to Jack?
2nd March 2006: 'Baffoon' said:
Check your facts. Google has an accessible image captcha. Google's image captcha is far superior to this robot on prozac
Reply to Baffoon?
2nd March 2006: 'pig' said:
Google has audio versions on its site .... what the hell are you talking about?
Reply to pig?
2nd March 2006: 'Webmaster' said:
Please retract this article immediately and get your author to check his facts.
Reply to Webmaster?
2nd March 2006: 'Tony' said:
Doesn't work without cookies and only on Windows XP. Hardly a solution.
Reply to Tony?
2nd March 2006: 'Brian Smithson' said:
As for the captcha not working on Linux or the Mac - I beg to differ. It works fine here on my Mac G5.
Don't have Linux, so cannot check that.
Reply to Brian Smithson?
2nd March 2006: 'anonymous' said:
looks better now - prefer the icons to the popunder
Reply to anonymous?
2nd March 2006: 'Peter Abrahams' said:
In reply to baffoon, pig and webmaster. If they believe my article is wrong can they please try the route I took and tell me how I hear the word verification?
If there is an alternative can they point me at it and explain how I am meant to find it?
It would also be useful if Google responded to the petition if they believe they have now fixed it.
As of now I stick by my article.
Reply to Peter Abrahams?
2nd March 2006: 'Briany' said:
*it did work on the Apple Mac* - it doesn't any longer. This is a very poor solution.
Reply to Briany?
2nd March 2006: 'Chi Z P Niss' said:
Great article - good solution. Love the clearly labelled icons and the way the image code field auto focuses ... a lot of bigger sites could learn a lot from you Peter.
Reply to Chi Z P Niss?
3rd March 2006: 'Peter Abrahams' said:
Our webteam, and I would like to thank our readers for the correspondence about this article.
The positive encouragement, the suggestion for improvements and even the highlighting of problems, have all be welcomed.
We have reacted to these quickly and now believe that we have a usable, accessible and secure solution to word verfication.
Further comments and suggestions are always welcome.
Reply to Peter Abrahams?
6th March 2006: 'Malcolm O'Neale' said:
Peter, this is great. Do Bloor, or any of the other analyst companies on ITA, offer website accessibility / consultancy services?
Reply to Malcolm O'Neale?
7th March 2006: 'Mark Douglas' said:
Poor solution. Have you tried using it with cookies disabled? It breaks the form!! I for one take privacy issues very seriously and do not accept cookies from any website. Why not pass the image phrase through a hidden form field? That way even security conscious people like myself can use the system ...
Reply to Mark Douglas?
7th March 2006: 'Jenny Flynn' said:
Peter your article on image verification is sure making some waves within my company. I just wish other people took this important issue seriously ..... would be good to hear from people supporting your efforts, not just those dissing the whole caboo!!
Reply to Jenny Flynn?
7th March 2006: 'Mark Douglas' said:
Miles, thanks for the speedy response. I understand what you are saying but do not agree with your logic ... session cookies are still invasive and should be banned. Why not remove the image verification altogether and opt for a content filter that checks for words like viagra etc ....
Reply to Mark Douglas?
10th March 2006: 'Little Shytster' said:
Peter - excellent work, I bet the webteam at IT-Analysis.com appreciate the advice. Does Bloor offer accessibility consultancy for web sites?
Reply to Little Shytster?
10th March 2006: 'Ian Holmes' said:
Short of removing the captcha image, this has to be the best solution I have seen. Many larger sites could learn a lot from Bloor Research and Peter Abrahams' accessibility practice. Can you write an article about the top ten accessibility issues? this would be very useful for us web developers. Thanks.
Reply to Ian Holmes?
20th December 2006: 'Geoff Adams' said:
I see you have changed the forms on IT-Analysis.com. Whilst they are much, much better without tables, you have broken the audible captcha system. It seldom plays the phrase or when it does the page refreshes and the window loses focus as the media player application springs to life. Pity.
Plus the visual captcha only accepts upper case characters without spaces - is this intentional? If so you need to change your messaging ...
Reply to Geoff Adams?
8th February 2007: 'jj' said:
the audible captcha appears to have broken ... the google version works though. i guess google have Now bettered bLoor.
Reply to jj?
9th February 2007: 'Miles Wolstenholme' said:
jj - please can you let us know which web browser and Operating System you are using?
We have performed extensive tests and cannot get the system to break. I am not saying that there isn't a problem, just one we cannot replicate.
Peter has quite correctly noted that the 'audio' and 'refresh' buttons do not have a keyboard shortcut assigned to them ... this is something we will implement soon.
Webmaster
Reply to Miles Wolstenholme?
12th February 2007: 'jj' said:
The CAPTCHA does not work in Opera on Windows XP SP2 using ZoneAlarm Internet Security suite. All I get now is an image placeholder ... not even a visual code.
Reply to jj?
20th March 2007: 'tedd' said:
Just to correct your article, your spoken CAPTCHA does not follow the "standard" Phonetic Alphabet nor what you state in your article. For example instead of your CAPTCHA speaking "Lima" for "L" it says "Library".
You might want to review:
http://www.grc.nasa.gov/WWW/MAEL/ag/phonetic.htm
Also, the typical graphic image CAPTCHA is becoming less of a problem fro spam-bots and harder for accessibility so it's use is problematic in several ways.
As you know, I'm working on other more acceptable ways of using CAPTCHA's. Perhaps someone will eventually get it right.
tedd
Reply to tedd?
21st March 2007: 'IT-Analysis.com' said:
Tedd, thanks for your observations. We have updated the audible captcha system to use the universal Phonetic Alphabet.
Reply to IT-Analysis.com?
20th March 2007: 'tedd' said:
Oh, one more thing -- I hate forms or web pages that will not allow you to go back to the previous page.
tedd
Reply to tedd?
21st March 2007: 'Peter Abrahams' (Author) said:
Tedd
Thank you for your comments.
The article uses Indigo instead of India for 'I' because that is used by the British Police and I have picked it up from there.
I would agree that using the standard NATO phonetic alphabet as you suggested is probably the right way to go and I notice that there are some variants such as 'library' instead of 'lima'. However the system in use by IT-Analysis works and I could not justify asking the webmaster to spend time and money to change it. I am sure it will be kept in mind for a future upgrade.
As with all forms of security there is a balancing act between cost, usability and security. I believe that the system on IT-A provides a good balance for this environment. It is accessible and it has stopped a lot of spam-bots that were getting through when there was no catchpa .
I and IT-A are always interested in research in this area and improved methods of solving this problem so I will follow your research with interest.
Reply to Peter Abrahams?
31st May 2007: 'David Rush' said:
Why not have a funny captcha section on IT-Director.com as a bit of light relief? I imagine there are a number of four letter words that could prompt a giggle or two!
Reply to David Rush?
12th December 2007: 'Jonathon Cane' said:
I can't find the accessible captcha you wrote about. Why did you get rid of it?
Reply to Jonathon Cane?
12th December 2007: 'Webmaster' said:
Jonathon,
You're quite correct. We removed the visual/audible CAPTCHA as it was causing too many problems - simplifying it further would have deleted the objective. The replacement Q+A system appears to be working well although thinking of new questions and responses can be taxing!
A quick Google for 'audio captcha' will reveal many resources should you need them.
Kind Regards
Webmaster
Reply to Webmaster?
|
Delicious
Digg
reddit
Facebook
StumbleUpon