The application needs confirmation that the action that is about to happen is done by a human rather than an automated machine.


Present users with a mangled image containing numbers and letters that humans can still 'decipher' but that is hard for machines to read.


Use when

Captchas mainly occur on a Form, often as part of a Registration procedure or Comment Box, mostly to prevent bogus user accounts from being created or link spam on a Blog Page. Considering the accessibility problems of Captchas, they should be considered a 'last resort' and should only be used when other technical options have been tried. In all other cases, except the creation of accounts, public ID systems such as TypeKey or MS Live ID should be considered, although they pose additional 'barriers' for users as well.


Captcha is an acronym for 'Completely Automated Public Turing test to tell Computers and Humans Apart'. The idea is to create something that is 'do-able' for humans but very hard for computers to do in an automated way.

The most popular Captchas use mangled images with characters in them. Humans can still read them and have to enter the characters before completing the task at hand, as 'proof' of their being human. Usually up to 5 symbols are enough, and lines, colors, and other distortions are used to mangle the image.

The basic interaction here is that the user is asked to enter the numbers in the image shown. Upon submitting the Form, the number is verified. If it is correct, the action is completed; otherwise the action is refused and an error message is displayed.
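The submit-and-verify interaction described above, as an added example (not code from this pattern page or from the scripts it links to). It assumes the expected answers are kept in server memory; `CaptchaStore`, `handle_submit`, the 300-second lifetime and the reduced alphabet are illustrative choices, and rendering the mangled image is left out.

```python
import hmac
import secrets
import time

# Alphabet without look-alike symbols (0/O, 1/I/L) to reduce human misreads.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
CODE_LENGTH = 5          # the pattern suggests up to 5 symbols
TTL_SECONDS = 300        # assumed lifetime of a challenge


class CaptchaStore:
    """Keeps expected answers on the server; the client only gets an opaque id."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}   # challenge_id -> (expected_code, expires_at)

    def issue(self):
        """Create a challenge. The caller renders `code` into the mangled image
        and puts only `challenge_id` in the form (hidden field or session)."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (code, self._clock() + TTL_SECONDS)
        return challenge_id, code

    def verify(self, challenge_id, answer):
        """Return True only for a correct, unexpired, first-time answer."""
        # pop() makes every challenge single-use: after a wrong guess or a
        # replayed correct answer, a fresh image has to be requested.
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False
        given = (answer or "").strip().upper()
        # Compare as bytes in constant time; bytes also accept non-ASCII input.
        return hmac.compare_digest(given.encode(), expected.encode())


def handle_submit(store, challenge_id, answer, action):
    """Form handler: complete the action or refuse with an error message."""
    if store.verify(challenge_id, answer):
        return {"ok": True, "result": action()}
    return {"ok": False, "error": "Verification code incorrect or expired."}
```

The expected code never travels to the browser in the form itself; only the image and the opaque `challenge_id` do.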


A Captcha is a basic form of a Turing test. The effectiveness of the Captcha depends on how difficult the task is. Some OCR systems are able to 'crack' a Captcha, but if you make the Captcha too difficult it will also cause problems for humans. In addition, it goes without saying that a Captcha is very hard to use for people who are visually impaired. Note that some blog spammers employ humans to create spam blogs, so a Captcha is not an effective countermeasure.

If this common form of Captcha does not work for you, consider other Turing tests such as a 'math problem' or 'trivia question', or even a 'voice captcha'.

More Examples

Google also uses a Captcha when you are signing up for a Gmail account:


Wikipedia on Captchas
Inaccessibility of CAPTCHA (W3C)
Breaking a Visual Captcha

Code examples

Captcha Creator (PHP)
PHP Captcha security


2 comments have been added to this pattern

Damon, 6th May 2009
Not all Captchas are created equal; some are so distorted that their lack of readability poses a usability barrier to well-intentioned users. If the risk/impact of abuse is low, a better approach may be to ask a user to simply "Type eskimo here:"
Shyla, 25th June 2010
Captchas are a nightmare for user experience. Essentially the burden for spam filtering is shifted from the website provider to the website visitor. The visitor is then presumed to represent a nuisance until he proves otherwise. It's the perfect example of internal needs trumping user-centered design principles.
