Still using CAPTCHA?

CAPTCHA refers to the security tests we often see at different forms. Usually they are shown as a random, meaningless combination of numbers and letters with the goal to ensure that a system is used by humans and not robots.

As security tools, CAPTCHAs are great, because they do their job well. But they also entail many problems. The character combinations they show are often unreadable for people. Even a good eyesight may not be able to distinguish between several possible characters. Elderly people may have different levels of vision impairment, so they can't continue, which means that there is an accessibility problem. Some CAPTCHAs provide acoustic feedback (like reCAPTCHA), but not all are so advanced.

I think that CAPTCHAs actually break the layout of the page. They just look different and don't contribute anything to an already existing page. Due to their generality, they are rarely adaptable to the current context in use. Their existence has solely "defensive" goals and doesn't support visual design in any way, which is why they need to be excluded from it. Using them, we recognize the weakness of the system to deal with malicious input. This leads to even more attempts to circumvent the security module, which is now made visible. A good system needs to deal transparently with both humans and robots.

A CAPTCHA slows users down—they have to read and decode the characters and then fill them in one additional input field. Design should be there to first solve human problems, and then to prevent from machine ones. There is a tradeoff between security and visual design, which we need to evaluate. Clicking only on the refresh button with the hope to receive more readable characters isn't very usable.