Usability vs pseudo security


Bookmark and Share
Today I was planning my trip to eMetrics and I learned that my employer asks us to be Aeroplan members. My point isn't about the benefits of Aeroplan, but rather about a usability problem that seems to stem from a false sentiment of security/antispam policy: the captcha concept.

In general, my opinion is there is too much lost space, which puts about a third of the content below the fold. But there are some small nuggets of mis-usability in there too! I'm sure you can find some of them on the enrollment page: check where it says "call us"... what's missing from the page? A phone number! It's nowhere to be seen... Can you find others?

But the worst comes when on the last step, it asks to type what is shown in the image. Their justification is reasonable:
Another security measure, Image Validation allows Aeroplan to be certain that a real person, you, is creating the new account, not a program seeking to achieve false enrollments. Programs and computers cannot read the characters in the validation image, so cannot pass this test.
There is just one big problem with this approach:

Can you read the picture shown below?

I tried... but I obviously made a mistake because it came back with this one:

Not much better...

I think they should read the book Don't Make Me Think.

Would you recommend using captcha?


at 3/07/2007 06:56:00 PM

Labels: , ,

3 comments:

Greg Scowen said...

Ah yes, the wonderful CAPTCHA... sometimes I really struggle to read what the heck they are saying.

Uh-oh, there is one down there now for me to decipher before I submit this comment. Luckily, the Blogger ones aren't too bad. Maybe something to be learned here by the people behind your example?

3/09/2007
Sébastien Brodeur said...

I use graphical CAPTCHA on my site. Spam and other web nuisance create this situation. But if I had time I prefer to use some kind of white list. If a user have never post, before the comment/post appear, I will need to authorize this username/email. But I lack time to do so.

Also, graphical CAPTCHA, by definition, are not accessible. You need some fancy audio capability to address this issue.

This is not a simple choice.

3/09/2007
Stephane said...

1) CAPTCHA are necessary evils. Lesser evils than any other procedure I am aware of.

2) I agree that the CAPTCHA you posted are not good, generating too many false positives (i.e. a test that a human will fail). Distorted sequences of random letters seem to work better (rather than noisy renditions)

3) have you seen this?

3/09/2007

Post a Comment