Website Forms – Does CAPTCHA Exclude Users with Disabilities?

Contact and registration forms are a standard feature of many websites, both commercial and public. CAPTCHAs are often used to secure them. While effective in combating bots, these solutions can pose a significant barrier for users with disabilities. People who are blind, have mobility impairments, or have cognitive disabilities often encounter difficulties that prevent them from using forms. In this article, we discuss how different types of CAPTCHAs impact accessibility, whether they can be adapted to WCAG guidelines, and what alternatives are worth considering.

CAPTCHA – what is it?

A CAPTCHA is a test designed to distinguish a human from an automated bot. It can take various forms, from the classic task of copying distorted text from an image, to highlighting graphic elements or confirming a statement like “I’m not a robot.”

CAPTCHAs operate under the assumption that the task will be easy for humans to solve and difficult for machines. In practice, however, the effectiveness of the security measure often goes hand in hand with its complexity, leading to significant digital accessibility issues – especially for people using assistive technologies.

Why secure forms on your website?

Online forms are vulnerable to various forms of abuse, from automated spam submissions and system overload attempts to phishing and unauthorized registrations. CAPTCHA is one of the primary defenses against these threats. It protects the server infrastructure, prevents the influx of unwanted data, and limits the ability of bots to automatically complete forms.

For many institutions and companies, CAPTCHA is not just a technical issue but also a required element of security policies. However, problems arise when security measures are implemented without considering the needs of all users.

How does CAPTCHA exclude users with disabilities?

Although CAPTCHA is intended to protect forms, its design often proves to be a digital barrier. Depending on the type of test used, people with various disabilities encounter difficulties.

Text CAPTCHA

The traditional, text-based CAPTCHA involves rewriting a sequence of characters presented in a distorted image. The characters are intentionally blurred, overlapping, appearing on a colored background, or distorted in a way that makes them difficult for a machine to recognize automatically. Unfortunately, this also makes them difficult for humans to recognize—and for blind people, makes the task completely impossible.

Even the most advanced screen readers cannot read graphical content without a text alternative, which is usually missing. Therefore, blind users cannot independently verify the form.

Text CAPTCHA

Image CAPTCHA

Image CAPTCHA requires selecting specific elements in images—for example, “all images containing a car” or “all traffic lights.” While this task may seem relatively straightforward for sighted users, visually impaired users can have significant difficulty completing it. The most common reasons are:

• blurry, low-contrast images,

• too small graphic scale,

• no magnification,

• poor quality of the presented photos.

Picture Captcha

Moreover, it’s often impossible to clearly identify what’s in the image—even for someone without visual impairments. The lack of an alt attribute and the ability to use assistive tools like a screen magnifier or narrator further exacerbate the barrier. Blind people will certainly not be able to complete the task.

Audio CAPTCHA

As an alternative for blind people, some websites offer audio CAPTCHAs. While this theoretically allows users to bypass visual barriers, in practice it presents challenges for other users. Recordings often contain noise or intentional distortions. Language can be an additional challenge, as many recordings are available only in English.

Please also note that people who are deaf, hard of hearing, or have a sound processing disorder are not able to use this solution at all.

Audio CAPTCHA

reCAPTCHA v2

CAPTCHAs based on simple interactions, such as checking the “I’m not a robot” box or moving an element to the appropriate location, are considered more user-friendly. However, they aren’t for everyone. People with mobility impairments, including users with limb weakness or those using alternative computer control methods (e.g., switches, voice control), are often unable to perform such precise gestures.

reCAPTCHA v2

Additionally, if reCAPTCHA v2 is not fully keyboard-compatible, becoming an insurmountable barrier. Some versions reCAPTCHAs may also contain hidden timing mechanisms or additional tests (e.g., image selection) that significantly complicate use by people with limited manual dexterity.

Types of CAPTCHA and accessibility

How can website administrators resolve CAPTCHA issues?

Website administrators in public institutions, such as municipal offices, cities, and local government units, face a dual challenge today. On the one hand, they must protect website forms from abuse, and on the other, ensure full digital accessibility in accordance with digital accessibility regulations, including the Website Accessibility Act and the Polish Accessibility Act.

Tools like SAT allow for automatic scanning of pages with forms. They detect the presence of CAPTCHAs on the page and indicate whether it meets WCAG requirements. Accessibility reports often include recommendations for implementing alternative versions (text or audio), improving keyboard support, and identifying local language versions of tests.

To solve the CAPTCHA problem, the test must be adapted to accessibility principles, for example by adding multiple verification methods to choose from.

It’s also important to properly mark CAPTCHAs with the ALT attribute. On the one hand, the alternative description cannot contain the answer (adding security would defeat the purpose). On the other hand, users using a screen reader should be informed about the presence of this mechanism and its operation. Depending on the type of CAPTCHA, the alt attribute may vary slightly, for example, “Type the word from the image,” “Perform the following action and enter the result,” or “Type the word indicated in the audio message.”

However, it is worth remembering that standard types of CAPTCHA are not the only type of form security.

What are the alternative methods of user verification?

While CAPTCHA has long been the default security solution, today there are many alternatives available that don’t create barriers for people with disabilities. One of the most recommended is the so-called “invisible CAPTCHA”—a system that runs in the background, analyzing user behavior on the website without requiring user interaction.

Another option is so-called “honeypots.” These are hidden fields in the form that only bots can see. If a bot fills out such a field, the system automatically marks the report as spam. This solution is invisible to users, so it doesn’t pose any accessibility issues.

Not just CAPTCHA – what else affects the accessibility of forms?

The accessibility of web forms isn’t just a matter of security. Equally important are elements such as appropriate field labels, a logical form structure, and support for assistive technologies. Fields should be semantically linked to descriptions using the label and aria-labelledby attributes. The form must be fully keyboard-accessible, with no “traps”—situations where the user cannot move to the next field or exit the form.

It’s important to ensure adequate contrast between text and background, clear error messages, and support for autocomplete mechanisms. Furthermore, forms should be responsive, meaning they’re accessible on mobile devices. Users should have enough time to complete them without the pressure of an automatic session expiration.