SPAM sucks for everyone and fighting against it is a losing battle, yet we web developers have to do our best to limit it the best we can. I’m facing a number of situations where I have to choose between offering the user a CAPTCHA or a challenge-response e-mail (e-mail them a link to click).
Some situations are obvious choices (resetting a password is a definite e-mail, non-logged in situations are obvious CAPTCHAs), but others are more in the grey area.
So I ask you:
Which is More Annoying? A CAPTCHA or a Challenge Response E-mail?
I eagerly await your painstakingly crafted responses in the comments.
When thinking about automated SPAM have in mind – robots do not do everything humans do.
They follow links.
They don’t click, don’t read java script, don’t read flash, do not watch movies clips, can read images but not animated once e.t.c.
Programmers that make robots are clever, but not cleverer than you (Alex).
Robots are stupid code followers.
CAPTCHA and Challenge Response are not the best and not the only option.
See how did I do it in http://wordpress.mu/
Still, one user said that it is annoying to ask him to click in the text area before start typing (he probably prefers tab selection).
You can not make all users happy 😀
Which do you find more/less annoying as a user?
Challenge Response E-mail is MUCH more annoying because it takes lots more work, relatively speaking, it’s not instantaneous, the email could get lost in cyberspace and not even get to the user, and you have to open a whole different program to get access to the site/service/action that you want RIGHT NOW.
Hey Alex, I have to say that I find CAPTCHAs (when done right) much less annoying than emails. They’re more immediate, there’s no chance of them getting lost on the way to me, and entering my email address just to get a verification sent could make one wonder if that address is being collected for less-desirable purposes.
On the other hand, there are lots of CAPTCHAs that in the race to outsmart the OCR bots, really hamper usability. If I can’t read the CAPTCHA, that’s a major no-no in my mind. The annoyance of having to get another CAPTCHA far outweighs the small number of OCR bots you’ve fooled by twisting the lettering so much it’s human-unreadable. I also think the quality of the CAPTCHA has a bit to do with the type/style/color choices… I’ve seen some of them use fonts/color combos/styles that are nearly unreadable before they put the lettering through the ringer.
And, as always, if possible there should be accommodations for those who can’t see the CAPTCHA at all.
Since I can add or subtract challenge questions are best IMO. It’s annoying to open up another tab to get to my e-mail and sometimes it takes 30 seconds to a minute for me to get the email in order to prove I’m human.
Just don’t do images and ask what it is, I hate answering “string” to a picture of thread.
Challenge/response is much more annoying, making me go to a different application, wait for the email which sometimes never arrives, click the link, etc. On the application end you have to worry about spam filters, bounces & backscatter, typos, etc.
For me it comes down to how easy the CAPTCHA is to decipher.
If it’s easy then I probably prefer it since I don’t have to wait for the email, open it, copy the code or click the link and then continue – I can just type in the text and carry on.
However, some CAPTCHA’s can be ridiculously hard to work out (Ticketmaster springs to mind) and sometimes I will take two or three attempts to get past them which drives me crazy.
Of course I also have good eyesight (at least with my glasses on!) so the accessibility issues of CAPTCHA’s don’t apply to me, but I do wonder if I take two or three attempts how many other people might need.
Sorry, I forgot to answer the question 😀
Less annoying for me is Challenge Response, but it would give me some fun if I have to add a missing letter in the word.
It well also make it more difficult for the robots to insert the challenge response
I apologize for my third comment, but I missed the “email” word, appearing on the next line on my screen. (I thought it is about the challenge response you have in the comment page)
In that case I would say that CAPTCHA is less annoying.
I typically prefer a CAPTCHA, but I understand that they can be more easily broken. A challenge/response email annoys me a little bit, but 99% of the time that I have access to the Web I have an email client up and running, so it’s not terrible or anything.
CAPTCHAs are less work, therefore slightly less irritating for my money.
Except for accessibility reasons, I can’t imagine anyone claiming challenge/response is less annoying. It completely interrupts the flow of what you’re trying to accomplish. Regardless of how readily available your email is, that’s still far more annoying then typing in a CAPTCHA (or preferably, reCAPTCHA) response.
If we can vote outside of those 2, I’d also agree that simple math ones are groovy.
I’m glad to see these responses as I’ve been implementing reCAPTCHA for a service this week.
I have to add my voice to those preferring a captcha over a challenge/response e-mail. It is definitely annoying to have to wait on an e-mail. However, the point that the captcha must be easy to read is a good one. I’ve come across some that are almost impossible to make out.
In order of preference:
1. Simple, easy to read CAPTCHA
2. Challenge Response
3. Rolling around naked in broken glass
4. Indecipherable CAPTCHA
In order of preference I would say :
1. Simple math question
2. Simple easy to read Captcha
3. Challenge response e-mail
But as you mention in your article, each solution fill a given situation (challenge response e-mail is still the best solution for authentified action even if email is not 100% risk free).
Between the two choices, the captcha is preferable. However I really like the ones which ask you simple an A or B question that is related to the subject matter. For example a form for a page about swimming pools, ask you to verify that you are human by stating “is water wet or dry?” – these take a bit more imagination to setup for each page unless you opt for universal truths so to speak. The less accessible alternative is “tell me what colour this block is:”
Alex,
I feel that challenge response email more annoying than a Captcha. But we should also keep in mind those users with disabilities. So I would prefer Captcha with audio support than challenge response email.
Cheers,
Sudar
CAPTCHA, all the way. I’m not visiting your site in my email program, I’m visiting it in my browser.
Don’t make me switch to email, especially since I may not even have it setup on this particular machine. There’s nothing I hate more than having to pull out my laptop to get an email that just wants me to click a link to activate my account.
Email confirmations can also be annoying when there’s some kind of failure along the line. Either there’s a backlog on their side sending, on my side receiving, the overall lag of internet travel… something. Now I’m patiently waiting for an email confirmation, but none is forthcoming.
You (as in the maintainer of the site) are far more likely to realize that the CAPTCHA is broken than that the whole system is working fine… emails just aren’t always making it out to end users.
On the flip side (benefits to the site), using a CAPTCHA eliminates the whole “I didn’t get the email” “Well, did you check your spam folder? Maybe your host is having problems?” support exchange. Less maintenance on everyones’ part is a Good Thing.
Oh, and just so you know… Zend’s site is horrible (in my experience) about emails. Countless times I’ve done *something* on their site that wants to send me an email (like resetting a password), and it can take hours to get it, if it sends at all. So these problems clearly aren’t isolated to small sites – even the big guys have them too.
Ugh, waiting on an email for anything is always more annoying, imo.
reCAPTCHA has built-in audio options for accessibility, it’s one of the reasons I opted to use them in this initial build work.
Captcha is better than email – but wouldn’t it great if there was a picture captcha. Let’s say you have x-pictures of man and women faces. You show the picture and the “human” answers the question if it is boy or a girl. This is beyond OCR.
If the form is completely Ajax driven, do you even need obtrusive Captcha at all? Could you not just put the Captcha challenge in a the noscript tag to keep it accessible when javascript is disabled of for screen readers (assuming you have an audible challenge as well in that case)? Just a thought.
Golly – the CAPTCHA has gotta disappear eventually, doesn’t it? It was a unique method for teasing out humans from bots, but slows down the user a great deal. What I like about sending an email is that I can sign up for a site and in the future be reminded that I signed up by searching through my email (yes, I am that forgetful).
It is totally dependent on how hard it is to read the secret code. There are some that are impossible to decipher!
Generally speaking, the capcha is preferable. Most emails are not even read.
I Personally find email links more annoying
[…] CAPTCHA or a Challenge Response E-mail? | alexking.org A good discussion: “Which is More Annoying? A CAPTCHA or a Challenge Response E-mail?” (tags: spam blogging) […]
Great question, I think that challenge response is much more annoying, unless there is some reason such as a forum where you have requested to be emailed about responses. CAPTCHA must be readable I hate it when you go to a site and they show unreadable CAPTCHA.
I think captch is less annoying, as you see the alphanumeric data on the same page and need to enter it in the box.
But the email. You have to open a new window, login to your email account, click on the link, and then the comment is activated.
But I think email blocks more spam than captcha.
[…] King had a great post last month asking people which they thought was more annoying, CAPTCHA or Challenge Response E-mail. The comments suggest that most people find email more annoying, assuming that the CAPTCHA […]
Personally, I dislike CAPTCHAs. Too many are hard to read. The CR is a better solution for me. It works for both web forms and straight emails. I think the wording on the response email is important. Let people know that this is a confirmation email and to thank them for emailing and that they will only have to confirm their email once. Like Eric, I appreciate the response email. Just make it personable and not a ‘We think you may be spam so we’re making you go through a hoop before we read your email’.
personally? I used spamarrest for over a year and it was great except when I needed to do something to a new account or add or delete accounts, etc…their tech support is almost non existent and they really don’t seem to care if you are having trouble or not. Especially for a techless wonder like myself, it was a nightmare trying to get a new email address added and working properly. If you are tech wizard, it’s great…if you are like me and sort of slow at that stuff…get ready to be frustrated needlessly by the non-existent support staff and their non-existent phone…
For personal email accounts (not businesses where it might be worse than spam) how about ip addresses for the white list?