惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
Apple Machine Learning Research
Apple Machine Learning Research
The Cloudflare Blog
WordPress大学
WordPress大学
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 叶小钗
博客园 - 聂微东
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 三生石上(FineUI控件)
V
V2EX
有赞技术团队
有赞技术团队
V
Visual Studio Blog
小众软件
小众软件
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - Franky
量子位
T
Tailwind CSS Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cisco Talos Blog
Cisco Talos Blog
I
Intezer
Project Zero
Project Zero
A
Arctic Wolf
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
L
Lohrmann on Cybersecurity
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Tor Project blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
Security @ Cisco Blogs
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
G
GRAHAM CLULEY
Help Net Security
Help Net Security
N
News | PayPal Newsroom
W
WeLiveSecurity
G
Google Developers Blog
Microsoft Security Blog
Microsoft Security Blog
Engineering at Meta
Engineering at Meta
MongoDB | Blog
MongoDB | Blog
C
Check Point Blog

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Learn Command Line Interface (CLI) Development with Dart: From Zero to a Fully Published Developer Tool How to Build a Live Options Database in Python – A Complete Guide How to Migrate to S3 Native State Locking in Terraform How to Use SCons to Build Software Projects [Full Handbook] How to Run Open Source LLMs Locally and in the Cloud QuRT: The Real-Time OS Inside Your Phone's Processor [Full Handbook] The Real Infrastructure Behind Remote Work (It’s Not Just Wi-Fi) The Lithography Handbook: Machines, Markets, and the Next Wave of Semiconductor Startups ITCM vs DTCM vs DDR: Embedded Memory Types Explained [Full Handbook] AI Paper Review: Improving Language Understanding by Generative Pre-Training (GPT-1) How to Build a Market Research Copilot with MCP and Python [Full Handbook] How to Build a Scoped Note-Taking API with Django Rest Framework and SimpleJWT The Complete SOC 2 Type II Implementation Handbook for Engineers: A Month-by-Month Roadmap with Real Commands Mastering the JavaScript Event Loop Data Science Insights: Why the Mean Lies When Handling Messy Retail Data How to Build High-Ranking SEO Landing Page How to Query Data in DynamoDB Using .Net How to Unblock Your AI PR Review Bottleneck: A Tech Lead’s Guide to Building a Codebase-Aware Reviewer How to Navigate Microservices as a Frontend Engineer How to Compress PDF Files in the Browser Using JavaScript (Step-by-Step) Stanford's youngest instructor talks InfoSec, AI, and catching cheaters - Rachel Fernandez interview [Podcast #217] Product Experimentation with Propensity Scores: Causal Inference for LLM-Based Features in Python How to Build a Multi-Agent AI System with LangGraph, MCP, and A2A [Full Book] How to Land Your First Cloud or DevOps Role: What Hiring Managers Actually Look For How to Deploy a Serverless Spam Classifier Using Scikit-Learn, AWS Lambda, & API Gateway How to Dockerize a Go Application – Full Step-by-Step Walkthrough Learn Hardware, Cloud, DevOps, Networking, Security, Databases, DNS, Git, and Linux Inside TreeHacks 2026, Stanford’s Elite Student Hakc Inside Stanford’s Elite Student Hackathon [Full Documentary] How to Measure Your AI Citation Rate Across ChatGPT, Perplexity, and Claude How to Deploy a Full-Stack Next.js App on Cloudflare Workers with GitHub Actions CI/CD How to Build a Multi-Tenant SaaS Platform with Next.js, Express, and Prisma How I Completed 15 freeCodeCamp Certifications in 4 Months: A Structured Learning Journey How to Build an Agentic Terminal Workflow with GitHub Copilot CLI and MCP Servers How AI Changed the Economics of Writing Clean Code How to Apply STRIDE Threat Modeling and SonarQube Analysis for Secure Software Development How to Set Up OpenID Connect (OIDC) in GitHub Actions for AWS How to Split PDF Files in the Browser Using JavaScript (Step-by-Step) How to Build Your Own Language-Specific LLM [Full Handbook] How to Build a Self-Learning RAG System with Knowledge Reflection How to Trace Multi-Agent AI Swarms with Jaeger v2 How I Tested Malaysia's Open Data Portals with Plain English How I Built a Production-Ready CI/CD Pipeline for a Monorepo-Based Microservices System with Jenkins, Docker Compose, and Traefik The Hidden Tax of Infrastructure: Why Your Team Shouldn’t Be Running It Anymore From Metrics to Meaning: How PaaS Helps Developers Understand Production From Symptoms to Root Cause: How to Use the 5 Whys Technique Product Experimentation for AI Rollouts: Why A/B Testing Breaks and How Difference-in-Differences in Python Fixes It How to Create a GPU-Optimized Machine Image with HashiCorp Packer on GCP 3D Web Development with Blender and Three.js How to Fix a Failing GitHub PR: Debugging CI, Lint Errors, and Build Errors Step by Step How to Merge PDF Files in the Browser Using JavaScript (Step-by-Step) How to Handle Stripe Webhooks Reliably with Background Jobs How to Build an Automatic Knowledge Graph for Your Blog with PHP and JSON-LD Understanding Proxies and Reverse Proxies: Your Gateway to Secure Networking The Evolution of Nvidia Blackwell GPU Memory Architecture How to Use PostgreSQL as a Cache, Queue, and Search Engine The New Definition of Software Engineering in the Age of AI Reclaim Your Time – Master Automation with Zapier How to Create Dynamic Emails in Go with React Email Why Many Beginner Self-Taught Developers Struggle (And What to Do About It) How to Build a Headless WordPress Frontend with Astro SSR on Cloudflare Pages How to Make Your GitHub Profile Stand Out How to Use Context Hub (chub) to Build a Companion Relevance Engine Why Chrome OS Is the Operating System the AI Era Was Built For How to Build Microservices-Based REST APIs for Healthcare Portals How to friction-max your learning with software engineer Jessica Rose [Podcast #216] Shadow AI Explained: Why Employees Are Using AI Behind Your Back Traditional Scraping vs AI Scraping: A Practical Guide for Developers and Data Teams How Database Indexes Work – A Practical Guide with PostgreSQL Examples How to Streamline Search in Web Applications with Elasticsearch How to Build an Open Source Data Lake for Batch Ingestion OpenAI Codex Essentials – AI Assisted Agentic Development Course Learn Software System Design How to Generate PDF Files in the Browser Using JavaScript (With a Real Invoice Example) How to Get Started with Terraform Service-to-Service Communication: When to Use REST, gRPC, and Event-Driven Messaging A Developer’s Guide to Lazy Loading in React and Next.js The Data Quality Handbook: Data Errors, the Developer's Role, and Validation Layers Explained. United States Residential Proxy: Why Local IP Accuracy Matters for SERP, Ads, and Pricing How to Build a Fashion App That Helps You Organize Your Wardrobe How to Build an Admin Dashboard Sidebar with shadcn/ui and Base UI The AI Governance Handbook: How to Build Responsible AI Systems That Actually Ship How to Build a Local DevOps HomeLab with Docker, Kubernetes, and Ansible How to Use Mixins in Flutter [Full Handbook] How to Prep for Technical Interviews – A Guide for Web Developers GPT-5.4 vs GLM-5: Is Open Source Finally Matching Proprietary AI? Data Visualization Tools for Svelte Developers How to Keep Human Experts Visible in Your AI-Assisted Codebase Efficient Data Processing in Python: Batch vs Streaming Pipelines Explained How to Build and Deploy Multi-Architecture Docker Apps on Google Cloud Using ARM Nodes (Without QEMU) How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript How to Build a Positioning-Based Crude Oil Strategy in Python [Full Handbook] How to learn programming and CS in the AI hype era – interview with dev and prof Mark Mahoney [Podcast #215] CUDA Programming for NVIDIA H100s How to Build Reliable AI Systems. How to Build an Online Marketplace with Next.js, Express, and Stripe Connect How to Build a Cost-Efficient AI Agent with Tiered Model Routing The WebCodecs Handbook: Native Video Processing in the Browser The Bluetooth LE Audio Handbook: From "Why Does My Call Sound Like a Tin Can?" to AOSP Implementation How to Set Up OpenClaw and Design an A2A Plugin Bridge
How CAPTCHAs Affect Accessibility: Problems, Workarounds, and Alternatives
Ilknur Eren · 2026-05-27 · via freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
How CAPTCHAs Affect Accessibility: Problems, Workarounds, and Alternatives

CAPTCHAs – or the “I am not a robot” challenges – were originally designed to separate humans from bots.

It started with deciphering some distorted text, then evolved into checking a box or boxes where an element is in an image. While CAPTCHAs can help websites determine whether the user is a human or a bot, they often present challenges to many real humans, especially those with disabilities.

Screen with  small square of images. A user is pointing their index finger on one of the images.

Photo by Karen Grigorean on Unsplash

Table of Contents

  • What is CAPTCHA?

  • What Are the Issues with Visual CAPTCHAs?

  • What Are the Issues with Auditory CAPTCHAs?

  • What Are the Issues with Time-based CAPTCHAs?

  • Common Workarounds and Accessible Alternatives

    • Risk-Based Authentication

    • Device-Based Trust

    • Human-Friendly Verification

  • Conclusion

What is CAPTCHA?

CAPTCHA is an acronym that stands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHA was originally created to prevent automated systems from abusing websites. For example, an automated system creating thousands of fake accounts in a short amount of time.

CAPTCHA can be a visual recognition test, like selecting all images with traffic lights. CAPTCHA can be audio challenge, which can be a test to type from hearing an audio. CAPTCHA can also be time-based or interaction-based behavior tracking. Visual, audio and time-based CAPTCHAs all have their own unique set of usability and accessibility issues.

What Are the Issues with Visual CAPTCHAs?

Image-based CAPTCHAs are one of the most common formats today. Visual CAPTCHA’s are the tests where we you'd see nine square boxes and have to select all of the boxes with traffic lights. They are also tested with one large image broken down into nine squares, and the user has to select the boxes where traffic lights appear. The visual CAPTCHAs create barriers for many people, such as people with visual impairments like blindness, low vision, color blindness.

First, the visual tests are often poorly compatible with screen readers as they are often not properly labeled for assistive technologies like screen readers, which creates an issue for users who rely on them.

In addition to issues with screen readers, how many times have you tried to complete a CAPTCHA where a sliver of a traffic light was in another square and you didn’t know if the test wanted you to select that box as well? I personally had issues verifying if the CAPTCHA test wanted me to select a square with a sliver of an image. Some CAPTCHAs have extremely low color contrast where I had issues figuring out the distorted text.

Some of the tests and images are ambiguous and create confusion for users. Audio CAPTCHA is an alternative approach to those that struggle with visual CAPTCHAs. Audio also comes with it's own set of usability and accessibility issues.

What Are the Issues with Auditory CAPTCHAs?

The visual CAPTCHA tests often come with an auditory equivalent for users who want to complete the test with auditory clues. The tests often have a button for the user to click and hear the visual clues. The user needs to enter the correct clue they hear in order to complete the CAPTCHA.

While the auditory CAPTCHA provides an alternative way for a user to complete the assignment, these often come with their own challenges. For example, they are frequently hard to understand due to distortion. Also, what if the user tries to complete these in a loud environment? Not only will the audio be distorted, the user will face a hard time listening when their environment is loud. In addition, the user might be hard of hearing, which will make the auditory CAPTCHA even harder to complete.

CAPTCHAs may put users in two difficult situations. Either struggle with a visual interface you cannot see, or attempt an audio alternative that may be equally unusable.

In addition to these struggles, CAPTCHAs can be time-based, giving you a test to complete in a specific amount of time. Time-based limitations can create another set of problems.

What Are the Issues with Time-based CAPTCHAs?

Some CAPTCHA challenges might need to be completed in a specific period of time. If the user takes longer, CAPTCHA test is voided.

The time-based CAPTCHA can create issues for users with cognitive disabilities, like memory, attention, or processing challenges or motor disabilities, those who have difficulty using a mouse or precise interactions. These users might need to spend more time completing the CAPTCHA, more time than the time limit set by CAPTCHA. In addition, users with anxiety disorders, or simply low bandwidth connections can also face the same issue.

Common Workarounds and Accessible Alternatives

Some websites try to improve accessibility by offering invisible CAPTCHA, checkbox verification, or verification through email or SMS. However, these solutions are inconsistent and users may still face challenges when the system is uncertain.

Improving accessibility in bot prevention does not mean removing security - it means reducing unnecessary barriers. We can try to implement Risk-Based Authentication, Device-Based Trust or move toward a human friendly approach.

Risk-Based Authentication

Instead of challenging every user, websites can analyze signals such as device history, location, login patterns, and behavior in the background. This allows the low-risk users proceed normally while triggering additional verification for suspicious activity. This reduces interruptions for legitimate users while maintaining security.

Device-Based Trust

Websites can recognize trusted devices after a successful login using secure tokens, passkeys, or multi-factor authentication. For example:

  1. User logs in successfully

  2. Device is marked as trusted

  3. Future visits bypass CAPTCHA unless unusual activity is detected

However, users should still have clear opt-outs and accessible fallback options for the first time they log in.

Human-Friendly Verification

When verification is necessary, websites can use methods that are easier to access than visual or audio puzzles, such as, email confirmation links, one-time codes and push notifications. These methods are often more compatible with screen readers and assistive technologies.

The goal is to move from “prove you are human by solving a puzzle” to “verify legitimacy with minimal friction for all users.”

Conclusion

CAPTCHAs highlight a broader tension in web design: security versus accessibility. While they solve a real problem—automated abuse—they often introduce barriers that disproportionately affect users with disabilities.

As accessibility standards evolve and awareness increases, the challenge is not just building systems that stop bots, but ensuring that legitimate users are not excluded in the process.



Learn to code for free. freeCodeCamp's open source curriculum has helped more than 40,000 people get jobs as developers. Get started