GCTC-NTGC / TalentCloud

Talent Cloud aspires to be a cross-sectoral initiative testing new realities for talent in-and-out of government. // Nuage de talent s'efforce d'être une initiative intersectorielle mettant à l'essai de nouvelles réalités pour le talent à l'intérieur et à l'extérieur du gouvernement.
http://talent.canada.ca
MIT License

Spike - How to add Captcha/Honeypot without sacrificing accessibility? #2266

Closed tristan-orourke closed 4 years ago

tristan-orourke commented 4 years ago

Discussion of captcha and honeypot methods here #2263.

gggrant commented 4 years ago

Confirmed.

gggrant commented 4 years ago

Captcha is not accessible. Recommending this approach for both client/server side honeypot:

Front-end:

W3C - Captcha Alternatives and thoughts

The honeypot alternative described above will satisfy accessibility requirements. Keep in mind:

  • If there is proper labeling, it can warn screen reader users not to fill it out.
  • If there is no warning using aria-label etc., then it could trap a screen reader user who fills it out not knowing it is a trap. It is likely that spam bots could figure out any warning text for screen reader users.

Examples of HTML, CSS, JS linked by W3C (I doubt that jQuery is necessary)

Back-end

https://github.com/spatie/laravel-honeypot
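A sketch of the client/server honeypot recommended in the comment above, as an added example that is not part of the thread and is not TalentCloud or spatie/laravel-honeypot code. It renders a labelled decoy field and rejects submissions that fill it, strip it, or arrive faster than a person could type. The field names, the `visually-hidden` CSS class, the 3-second threshold and the signed-timestamp check are assumptions, and the timestamp check goes beyond what the thread describes.

```javascript
// Added example: not TalentCloud or spatie/laravel-honeypot code.
const crypto = require("node:crypto");

const HONEYPOT_FIELD = "website_url"; // hypothetical decoy field name
const TS_FIELD = "form_ts";           // hypothetical signed-timestamp field
const MIN_FILL_SECONDS = 3;           // assumed minimum time a human needs

function sign(secret, issuedAt) {
  return crypto.createHmac("sha256", secret).update(String(issuedAt)).digest("hex");
}

// Decoy is a real text input hidden with CSS (class assumed to exist), removed
// from the tab order, and labelled so a screen reader user knows to skip it.
function renderHoneypot(secret, now = Date.now()) {
  const issuedAt = Math.floor(now / 1000);
  return [
    '<div class="visually-hidden">',
    `  <label for="${HONEYPOT_FIELD}">Leave this field empty</label>`,
    `  <input type="text" id="${HONEYPOT_FIELD}" name="${HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">`,
    `  <input type="hidden" name="${TS_FIELD}" value="${issuedAt}.${sign(secret, issuedAt)}">`,
    "</div>",
  ].join("\n");
}

function checkSubmission(body, secret, now = Date.now()) {
  // A browser always submits the empty decoy; a stripped field is suspicious too.
  if (!(HONEYPOT_FIELD in body)) return { ok: false, reason: "honeypot_missing" };
  if (body[HONEYPOT_FIELD] !== "") return { ok: false, reason: "honeypot_filled" };
  // The timestamp is HMAC-signed so a client cannot backdate it.
  const [ts, mac = ""] = String(body[TS_FIELD] ?? "").split(".");
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(secret, ts));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_timestamp" };
  }
  if (Math.floor(now / 1000) - Number(ts) < MIN_FILL_SECONDS) {
    return { ok: false, reason: "too_fast" };
  }
  return { ok: true, reason: null };
}
```

Logging the rejection reason instead of showing it to the client makes it possible to notice real users being caught by the decoy, which is the accessibility risk the comment raises.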

shawnthompson commented 4 years ago

Here's some information we've been working on at ESDC and are almost ready to publish.

Are CAPTCHAs accessible?

gobyrne commented 4 years ago

We implemented honeypot and it does seem to be working.