cds-snc / platform-forms-client

NextJS application that serves the public-facing website for Forms
https://forms-staging.cdssandbox.xyz/
MIT License

Improve spam prevention measure on form submissions #409

Open srtalbot opened 2 years ago

srtalbot commented 2 years ago

User story: Persona based

As an end-user using any interaction device (mouse, screen, screen reader, other adaptive technology)
I need to know what my next steps are if I am suspected as a bot by reCAPTCHA V3, or if I am denied service
So that I can follow up via a different channel and continue to get the service I need

As a program administrator processing form responses
I need to focus my time on legitimate responses
So that I can decrease the processing time of requests

As a program administrator
I need to spend my time processing legitimate forms
So that my program can meet operational deadlines

Threat level: Spam prevention level 2: We can stop a malicious actor who is writing a custom script to spam a single (or multiple) GC Form(s).

ITSG-33 controls: SC-5, SI-10

Story context

Newest documentation is first in list.

Service flow for spam prevention using recaptcha V3
Options analysis for spam prevention
Risk register entry
Thread on spam prevention ideas from Pat Heard
WCAG research on captcha
Previous discussion in #interaction-design, with recommendation from Julianna
Recommended option for analysis

Design Documentation

Technical implementation
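As an added example (not code from the platform-forms-client project), this is the server-side decision step of the reCAPTCHA V3 service flow: it maps a siteverify result to accept, flag or deny and always gives a user who is suspected as a bot, or denied service, a next step via a different channel, as the first user story asks. The score thresholds, the action name, the fallback-channel wording and the sample responses are assumptions; the hostname is the staging site named on this page.

```javascript
// Added example, not the project's own code: turn a reCAPTCHA v3 siteverify
// response into a decision that always tells the end-user their next step.
// Assumed: the calling API route has already POSTed the client token and the
// site secret to https://www.google.com/recaptcha/api/siteverify and parsed
// the JSON; thresholds, action name and the fallback channel are illustrative.

const SCORE_ACCEPT = 0.5; // at or above: treat as a person
const SCORE_REVIEW = 0.3; // between REVIEW and ACCEPT: accept, but flag for the administrator
const FALLBACK = "contact the program using the phone number or email on the form"; // hypothetical

function evaluateRecaptcha(result, expected) {
  // result: siteverify JSON { success, score, action, hostname, "error-codes" }
  // expected: { action, hostname } that this form's client code was told to use
  if (!result || result.success !== true) {
    const codes = (result && result["error-codes"]) || ["no-response"];
    return { decision: "retry", reason: `siteverify failed: ${codes.join(",")}`,
             userMessage: `We could not verify your submission. Please try again, or ${FALLBACK}.` };
  }
  // A valid token minted for another action or another site is not evidence for this form.
  if (result.action !== expected.action || result.hostname !== expected.hostname) {
    return { decision: "deny", reason: `token bound to ${result.action}@${result.hostname}`,
             userMessage: `This submission could not be accepted. Please ${FALLBACK}.` };
  }
  if (result.score >= SCORE_ACCEPT) {
    return { decision: "accept", reason: `score ${result.score}`, userMessage: null };
  }
  if (result.score >= SCORE_REVIEW) {
    // Keep the response but mark it, so administrators can triage it apart from legitimate traffic.
    return { decision: "flag", reason: `low score ${result.score}`, userMessage: null };
  }
  return { decision: "deny", reason: `score ${result.score} below ${SCORE_REVIEW}`,
           userMessage: `Your submission was not accepted. If you are not a robot, please ${FALLBACK}.` };
}

// Constructed sample responses, shaped like real siteverify output.
const EXPECTED = { action: "submit_form", hostname: "forms-staging.cdssandbox.xyz" };
const SAMPLES = {
  human:    { success: true, score: 0.9, action: "submit_form", hostname: "forms-staging.cdssandbox.xyz" },
  unsure:   { success: true, score: 0.4, action: "submit_form", hostname: "forms-staging.cdssandbox.xyz" },
  bot:      { success: true, score: 0.1, action: "submit_form", hostname: "forms-staging.cdssandbox.xyz" },
  replayed: { success: true, score: 0.9, action: "login", hostname: "other.example" },
  expired:  { success: false, "error-codes": ["timeout-or-duplicate"] },
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  const { decision, reason } = evaluateRecaptcha(sample, EXPECTED);
  console.log(`${name}: ${decision} (${reason})`); // operator-side log line, never shown to the user
}
```

The `reason` field is meant for the server log so administrators can see why a response was flagged or denied, while `userMessage` is the only text returned to the browser.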

hillaryl commented 2 years ago

A review of captcha accessibility: https://www.w3.org/TR/2019/NOTE-turingtest-20191209/

Seems like Google reCAPTCHA v2 is the most accessible option, but it still has some accessibility problems along with privacy concerns that may not work for us.

hillaryl commented 2 years ago

Two more user stories based on end-user profiles that are particularly relevant here:

As someone using assistive technology like VoiceOver, JAWS, or Dragon NaturallySpeaking
I need to be able to verify that I am not a robot or a malicious actor
So that I can submit the form

As someone with low technical proficiency who doesn't know much about bots or spam
I need to understand what I am being asked to do and why
So that I can successfully and confidently verify that I’m a human and submit my form