验证码可以访问吗?
我正在利用业余时间为一家教育机构编写一个网站,从我读到的这个地方的统计数据来看,他们似乎有很多残疾学生在那里学习。 简而言之,我正在建立一个帐户系统,学生可以登录并接收有关其课程的基本信息,允许他们对课程发表评论以及他们认为课程如何代表他们。
我不太确定这样做的法律影响,但我很确定,如果您在教育机构工作,那么法律要求您的网站可供残障人士访问。 除了一个问题之外,代码完全没问题; 验证码。
据我所知,大多数验证码都是基于图像的,这将使那些使用屏幕阅读器的人感到困难。 最重要的是,支持声音朗读的设备可能效果不太好,因为在许多建筑物中没有扬声器供用户收听录音。 我总是可以使用一个小字段要求用户将两个数字放在一起,但这些通常太容易让机器人攻击。
我可能是小题大做了,但对于那些对可访问性感兴趣的人来说,这仍然是一个有趣的问题。 有谁知道在这种环境中阻止垃圾邮件发送者和用户的好方法吗?
I am writing a website in my spare time for an educational facility and from what I've read on the statistics of this place they seem to have many disabled students studying there. Simply put, I'm setting up an account system where students can log in and receive basic information about their courses, allowing them to comment on their courses and how they felt the course represented them.
I'm not too sure on the legal implications of this, but I am pretty sure that if you are working for an educational body then it is a legal requirement for your website to be accessible to those with disabilities. The code is perfectly fine, apart from one problem; the CAPTCHA.
As far as I am aware most CAPTCHAs are image-based, which will make those using screen readers struggle. On top of that, ones that support sound readings may not work too well as in many buildings there are no speakers for the user to listen to the recording. I could always use a small field asking a user to put two numbers together but those are often far too easy for bots to attack.
I may be making a mountain out of a molehill but it's still an interesting question for those that have an interest in accessibility. Does anyone know of a good way to keep spammers out and users in within this environment?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
首先,是的,你百分百正确地认为这是一个问题。 屏幕阅读器无法访问任何提供带有乱码文本的图像的验证码,如果您所在的组织必须支持它,则不能只使用验证码。
其次,我个人也 100% 同意音频验证码的局限性。
就我个人而言,我会实现一个标准的验证码,例如 ReCaptcha 或类似的东西,然后有一个“看不到图像”链接,如果您确实需要的话,可以将它们带到不太安全的验证码。 这实际上取决于您网站的目的。 简单的数学可以起作用,但做起来有点困难。
但考虑到您的系统,我几乎会说您将系统限制为经过身份验证的用户进行输入,然后不需要验证码来进行评论或其他提交,因为这可以避免这个问题。
此网站显示了其他基于文本的验证码项目的示例,但取决于观众,它们可能会也可能不会。
First of all, yes you are 100% correct that it is an issue. Any captcha that provides images with garbled text are NOT accessible to screenreaders, and if you are in an organization that has to support it, you CANNOT just use a captcha.
Secondly, I personally agree 100% about the limitations of a audio captcha as well.
Personally I would implement a standard Captcha such as ReCaptcha or something similar then have a "can't see the image" link, that takes them to a less secure captcha, if you really need to have one. It really depends on the purposes of your site. Simple math can work, but it is a bit harder to do.
But given your system, I'd almost say that you limit the system to authenticated users for input, and then not require a captcha for comment or other submissions, as that avoids the issue.
This site shows an example of other text based captcha items, but depending on the audience they may or may not be possible.
考虑滚动您自己的基于文本的验证码。
机器人可以访问且无法预料。 见鬼,混入只有这些学生才知道的东西,比如关于学校的琐事。 至少在他们完成表格填写之前,验证码有一些有趣的地方,而不仅仅是一个烦人的、客观的步骤。
Consider rolling your own text-based CAPTCHAs.
Accessible and not anticipated by bots. Hell, mix in stuff that only these students would know, like trivia about the school. At least then there's some intrigue to the CAPTCHA instead of just an annoying, impersonal step before they can finish filling out the form.
我是一名完全失明的大学生,想知道为什么你需要 Captia? 在我的学校,任何在线调查在进行之前都会使用学生的电子邮件和密码登录。 其次,我发现一些音频 Captia 无法访问,并且通常不值得花时间,除非它是我真正关心的网站。 即使您为您正在开发的网站提供了 captia 的音频版本,如果我是一名盲人学生,我可能也不会打扰该网站。 第三,如果学生使用 Firefox,则几乎所有图像 captia 都可以访问,请参阅 Webvisum 扩展
http://www.webvisum.com/
编辑:
如果这是大学赞助的网站,请向大学的残疾部门询问输入。 如果它是一个迎合特定大学学生的个人网站,那么就做你有时间做的事情,因为你不会满足由实际教育机构运营的网站的要求。
I'm a totally blind college student and wonder why you need captia's at all? At my school any online survey uses the students email and password to log in before taking it. Secondly I find some audio captia’s are not accessible and the ones that are usually aren’t worth the time unless it's for a site I really care about. Even if you provided an audio version of captia for the site you are working on if I was a blind student I probably wouldn't bother with the site. Third if the student is using firefox then almost all image captia’s are accessible, see the Webvisum extension at
http://www.webvisum.com/
Edit:
If this is a university sponsored website ask the disability department at the university for Input. If it is a personal website that caters to students of a specific university then do what ever you have time to do since you won't be under the requirements for sites run by an actual educational institution.
当然,根据定义,盲人(或任何需要屏幕阅读器的人)无法访问图像验证码; 它们被设计为机器无法读取/难以读取。
Surely by definition image CAPTCHA's are not accessible for blind people (or anyone who needs a screen reader); they are designed to be unreadable/hard to read for machines.
官方验证码网站表示“验证码的任何实施都应该允许盲人用户绕过障碍,例如,允许用户选择音频或声音验证码。”
我不是律师,但在我看来,如果你提供音频选项,那么你就是在适应视力受损的用户——确保他们有扬声器不是你的责任。
The Official CAPTCHA Site says "Any implementation of a CAPTCHA should allow blind users to get around the barrier, for example, by permitting users to opt for an audio or sound CAPTCHA."
I'm not a lawyer, but in my opinion if you provide the audio option then you are accommodating vision-impaired users -- it's not your responsibility to make sure they have speakers.
从您的个人资料中,我可以看到您在英国,因此我认为您需要遵守英国法律,包括DDA。 这是值得一读的,而且在很多情况下你只能尽最大努力,很多网站并不是绝对可以访问的。 您应该咨询您的同行以了解该机构的政策。
简而言之,验证码并不是每个人都可以使用。 也就是说,从纯图像验证码到可以用 HTML 表示的逻辑谜题,似乎存在一定程度的可访问性。 有些人也经历过与自己类似的旅程。
我认为最好退后一步,考虑一下您需要验证码的原因以及您希望将哪些人排除在外。 您是否考虑过对您的站点使用基于 IP 的限制,以便只有校园网络中的人员才能访问该站点,或者您的应用程序是否需要位于 Internet 上。
另一种选择是限制登录尝试的次数,并在一段时间内阻止尝试,或者锁定帐户,直到电子邮件中的链接受到限制。 与往常一样,您的情况可能会有所不同,但如果您提供更多背景信息,也许这里的人可以提供帮助。
From your profile your I can see that you are in the UK so I assume that you need to comply with UK law including the DDA. It is worthwhile reading, and in a lot of cases you can only make a best effort, lots of sites are not absolutely accessible. You should consult with your peers to understand the policy of the institution.
The short answer is that CAPTCHAs are not accessible to everyone. That said there seems to be a scale of accessibility from pure image CAPTCHAs to logic puzzles which can be represented in HTML. Some people have been along a similar journey to yourself.
I think it might be best to take a step back and consider your reasons for requiring the CAPTCHA and who you want to keep out. Have you considered using IP-based restrictions for your site so that only people on your campus network can access the site, or does your application need to be on the internet.
Another option is restricting the number of logon attempts, and preventing attempts for a time, or locking out the account until a link in an email is restricted. As always your mileage may vary, but perhaps people here can help if you provide more context.
是的,显然盲人无法访问基于图像的验证码。 音频验证码实际上并不是一个好的替代方案 - 除了扬声器问题之外,它们通常包含大量背景噪音,导致某些人无法访问它们。 如果您必须使用验证码,而不是限制用户的其他方法(您仅在创建帐户时使用验证码吗?或者在他们登录时使用验证码?),文本验证码可能是最佳选择。
Yes, obviously image-based CAPTCHAs are not accessible to the blind. Audio CAPTCHAs aren't really a good alternative - besides the speakers issue, they often contain a lot of background noise, rendering them inaccessible to some people. If you must use a CAPTCHA, rather than some other method of restricting users (Are you only using the CAPTCHA on account creation? Or anytime they log in?), text CAPTCHAs are probably the way to go.