CAPTCHA is failing everyone, not just bots. A 2024 study on Google's reCAPTCHA v2 found open-source machine learning models can solve image classification challenges with up to 100% accuracy. Humans are slower and less accurate. Bots complete reCAPTCHA in 17.5 seconds at 85% accuracy. Users collectively wasted over 819 million hours on 512 billion reCAPTCHA v2 sessions through 2023. The system is not protecting anyone. It is gatekeeping.
The accessibility damage is specific and documented. Screen readers cannot parse distorted text or image classification challenges. Audio CAPTCHA conflicts with web development best practices around autoplay. hCAPTCHA's cookie-based bypass relies on third-party cookies that most browsers block by default, and the one-time SMS code expires before many users can complete the flow. In WebAIM's 2023-2024 screen reader survey, CAPTCHA ranked as the single most problematic web element, above missing alt text, broken keyboard navigation, and ambiguous links. That ranking has held for over a decade.
The original article is worth reading in full because it does not stop at the problem. It traces why development teams keep shipping these tools despite the evidence, examines the specific failure modes of reCAPTCHA v2, reCAPTCHA v3, hCAPTCHA, GeeTest, and Arkose Labs, and lays out what accessible authentication actually looks like. If you build login flows or advise teams that do, the breakdown of each method's technical shortcomings is the part you need.
[READ ORIGINAL →]