Making websites accessible and secure

Details of the findings are reported this month in the International Journal of Web Based Communities.

CAPTCHA stands for "completely automated public Turing test to tell computers and humans apart." These are computer-generated checks that attempt to determine whether a visitor is a legitimate user or a potentially malicious computer script favoured by hackers and spammers. They commonly take a question and answer form or ask users to enter characters in an obfuscated image of text. CAPTCHAs have even become useful to the wider community allowing corrections to be made to scanned public documents, such as out-of print books, by crowd-sourcing the entries users type. There are also audio CAPTCHAs on my any sites.

However, although they can help site owners block spam and malicious attacks, CAPTCHAs pose serious problems for the visually impaired and deaf web communities, say Joanne Kuzma and colleagues at the University of Worcester, England. The rise of online forums has benefited disabled users, who take advantage of better communications and more inclusion into society, the team asserts. But, the advent of CAPTCHAs has represented, on many occasions, an insurmountable technical barrier to many of those potential users.

There have been several legal cases in which members of a particular community have taken website owners to court over such obstacles, citing equal opportunities law. Such cases have ensured that those and other companies begin to recognise and address the problems around accessibility. Indeed, many companies in the web 2.0 era have pre-empted the issues that might arise and ensured that their sites are accessible and usable by everyone.

"Firms need to realise that it is legally and ethically important to provide fully accessibility to their systems," the researchers say. "With the increasing number of disabled people using these sites, firms can benefit economically by catering to their disabled constituents."

In surveying 150 online forums, the team has identified many that typically exclude many potential users through inappropriate CAPTCHA implementation. They suggest that site owners should determine whether or not the security offered by implementing a CAPTCHA offers a sufficiently raised level of security to justify its use to the possible exclusion of some users. There are many ways to block spammers and to tighten security that can function perfectly well behind the scenes rather than overtly at the front-end of a site. If a site deems it essential to use a CAPTCHA, then they must ensure that various types are in place so that users of any ability have a choice including different types of character, audio, image recognition and logic-based tests so that no one is excluded except the spammers and hackers.