CAPTCHA accessibility

Accessibility makes a CAPTCHA challenge easy to complete for a human user. Apart from user experience, an accessible CAPTCHA also contributes to your web app's conversion rates. As the last link in the bot detection chain, CAPTCHA should be easy to understand and complete for users of any device, including people with various special needs. At the same time, it must effectively resist automatic sign-in attempts.

SmartCaptcha is guided by these two documents for accessibility:

• GOST R 52872–2019
• Web Content Accessibility Guidelines (WCAG) 2.1

Accessibility principlesAccessibility principles

SmartCaptcha follows a number of principles to help web apps maintain conversion rates while ensuring robust security:

• Perceivable content: CAPTCHA information and UI components are made to be as easy as possible to perceive. This is achieved through easy page customization, increased image contrast, plus the audio CAPTCHA as a readily available alternative.
• Easy to manage content: The UI components and navigation must be easy to manage. The CAPTCHA controls are clearly labeled and can be used with a mouse, keyboard, or TV remote.
• Clear content: The user must know exactly what actions need to be completed to pass the CAPTCHA test. Text challenges are available in 17 languages; audio challenges are available in Russian and English. The pages provide comprehensive descriptions of each element and feature a button you can use to contact support.
• Reliable content: Content must remain the same no matter what device it is processed on. Prior to each update, CAPTCHA gets thoroughly tested on a variety of devices.

According to the Yandex Cloud's metrics, about half of all users get through CAPTCHA on their first try. Failure to do so may be caused by bright sunlight, the device not supporting the necessary JavaScript libraries, etc. In which case the user can choose between additional attempts, an audio CAPTCHA, or a request for support (such requests have a higher priority).

You can vary CAPTCHA difficulty, type, and rules for different IP addresses, URIs, or headers, as well as analyze its impact on conversion. If your server is under attack, set your CAPTCHA to maximum difficulty for the most thorough traffic filtering.

TestingTesting

To ensure CAPTCHA accessibility, Yandex Cloud precedes each new feature release with a full-scale audit:

1. Primary audit: Identifying accessibility issues and ways to fix them.
2. Fixing: Issue correction and integration of automated validation and testing tools.
3. Verification of fixes: Further testing to confirm the fixes and identify new issues.
4. Deployment of regular regression tests for the product: Production of designs, autotests, and other tools for further testing.
5. Maintaining accessibility: While the product continues to be refined and tested, its new functionality goes through the same process from the very beginning.

You can test CAPTCHA accessibility yourself using the Lighthouse tool.