FUNcaptcha: Spoiler – it’s not fun

Written by Abi Hough

19th February 2021

Read time: 10 mins

Being human is hard enough…

I’m sure we’ve all been through an annoying captcha experience at one time or another. I have found that invariably these little boxes asking me to prove my humanity appear at the most inconvenient of times – normally when I’m in a rush and just trying to get something done. What’s even more annoying is that despite being sold as a security feature (“We’re protecting your account!”) they are in fact just a bane to my existence and make me question not only my sanity and humanity, but also why on earth the onus has been put on me, as a user, to prove my viability in life generally.

Introducing FUNcaptcha!

Whilst I might normally grumble about captcha experiences and inanely fumble my way through the process, a recent experience with one of these modal overlays of misery really got my blood boiling. I’ve seen most variations of captcha, but it appears Roblox have conjured up their own level of hell when it comes to logging into your account in the form of some sort of satanic brain training, courtesy of Arkose Labs. Figure out a screwed-up picture word? No. Find a bus (or parts thereof) in multiple images? No. Let’s try something even more frustrating!

Level 1 – Roly Poly

Rules: flip the image with the rotate tools until a random image is the right way around.

Initial number to complete: 5

Time penalty: take too long and you’ll be asked to complete more (up to 9) or asked to start again

Failure: Get one image wrong and you must start again

Level 2 – Going Spotty

Rules: Ohh maths, awesome! Pick the pair of dice that add up to 7. Simples!

Initial number to complete: 4

Time penalty: take too long and you’ll be asked to complete more (up to 8) or asked to start again

Failure: Get one match wrong and you must start again

Level 3 – Icon Lover

Rules: pick the 2 dice that have the same icons. Pattern matching, fabulous.

Initial number to complete: 4

Time penalty: take too long and you’ll be asked to complete more (up to 8) or asked to start again

Failure: Get one match wrong and you must start again

Level 4 – Digits & Dots

Rules: pick the group of dice that add up to the required amount. 

Initial number to complete: 5

Time penalty: take too long and you’ll be asked to complete more (up to 10) or asked to start again

Failure: Get one match wrong and you must start again

Am I missing the fun?

This is not just me being particularly cranky about this type of captcha due to personal grievances. There are some sound reasons as to why it is just plain infuriating on so, so many levels. So let’s dig a bit deeper. 

Image quality

Ok, let’s get the obvious one out of the way. It is not an unknown fact that image quality on any captcha is generally awful. Asking users to identify fine details such as icons, dots and numbers on pixelated imagery is only made more difficult if they are looking at something that has been through compression so many times it has had every last pixel of data squeezed out of it. 

Let’s also take a moment here to mention that shadows, reflections, rotations and angles also add to the difficulty.

Image size

Consider the presentation of these capture overlays on mobile devices.

I can tell you from first-hand experience, that on an iPhone 12 they are difficult to see and required my face to be inches from my phone.

Why try to fit 3×2 in this limited space, when actually there is enough vertical space to at least have 2×3 instead giving each image more room to be displayed?

Oh, and if you’re interested to know, each of those blocks is 1.5cm x 1.5cm. Barely bigger than the end of my finger. No, I don’t have fat fingers before you ask 🙂

 

Contrast

Some of the combinations of colours, combined with the poor image quality means that some users are going to find it impossible to solve these challenges simply because they can’t see them correctly if they have colour blindness or other visual impairments. This is not unique to FUNcaptcha and is an endemic problem to most captcha systems.

UX

On Roblox, the captcha request happens as soon as you enter your username and password and hit the log in CTA. This is pretty standard procedure, but there is a deathly trap in the process. The log in form has several flaws that mean the likelihood of having to recomplete a captcha is high:

1. Username input has autocapitalisation on

2. Password input has no way of seeing what you’ve typed (show password)

3. Both of these inputs have form labels within the field that disappear as soon as the input has focus. Just NO!

4. The in-field labels is barely visible – the contrast is too low. How low you may wonder? Low enough to fail all basic accessibility requirements.

 

roblox mobile log in screen

Timing Limit

Obviously, every challenge needs added complexity, right? FUNcaptcha provides this by the way of a time limit set to complete the task. This triggers in 2 ways:

  1. You didn’t start fast enough
  2. You took too long to pick an image

Fail either 1 or 2 and you’re asked to start again. 

 

 

time limit failure on funcaptcha

It’s not just me, either 

It seems that so hated is this captcha solution that Roblox players in their droves have resorted to posting YouTube videos to vent their frustrations, I have to say the following are my favourites:

 

There are a whole host of complaints, but broadly speaking fall into the following categories

Key audience – consider for a moment who Roblox is generally aimed at, kids right? And despite the 7+ age rating you can bet your bottom dollar there are kids younger than this playing the game. How well can they handle this type of verification?

 

Support audience – lets also not forget the parents of these kids who may need to log into a Roblox account for example to add funds or just to check there is no unpleasant behaviour occurring. I’ll take myself as an example. I’m old(ish) – my eyes are a bit naff and quite honestly, I have better things to do with my time than trying to solve a relentless challenge when I’ve got a 10 year old hovering over my shoulder for his next installment of Robux because he’s mopped the floors and dusted the living room.

tweet about how difficult funcaptcha is

Bugs – as if it wasn’t bad enough to try and overcome a seemingly impossible captcha, the implementation has been plagued with bugs resulting in users unable to access their accounts even though they have completed verification successfully, FUNcapture still says no!

 

So, is there a better way?

Of course! Here are a few that offer a less fractious approach:

  1. Simple questions (eg. maths)
  2. Honeypots / time based forms
  3. Biometrics
  4. 2 factor authentication
  5. noCaptcha from reCaptcha

As an optimiser and conversion rate specialist the answer to “what is the least awful thing we can put our users through” would easily answered through a/b testing and analysing the impact on users against other metrics, such as number of fake accounts slipping through the net for example and finding the right balance.

I fully understand why verification needs to be in place, but I am convinced these stupid mind games are not the best way.

That’s not to say that research hasn’t gone into tailoring captchas towards particular demographics, a quick google pulls up numerous resources for such – here is just one example: Usability Analysis of the Image and Interactive CAPTCHA via Prediction of the Response Time which found the following:

 

  1. The response time to the image based CAPTCHA is highly predictable by using our model
  2. The predictability increases when interactive tasks are added to the image-based CAPTCHA, in the example of the game-based CAPTCHA
  3. The device on which the test is solved has a low influence on predicting the response time to the game-based CAPTCHA

Brodic, Darko & Amelio, Alessia & Ahmad, Nadeem & Shahzad, Syed Khuram. (2017). Usability Analysis of the Image and Interactive CAPTCHA via Prediction of the Response Time. 252-265. 10.1007/978-3-319-69456-6_21.

So perhaps there are baby steps to improving these carbuncles of the internet, but for now I guess we just have to remain frustrated human users whilst those asking us to verify ourselves continue to figure out how to make it the most infuriating facet of any user experience.

You Might Also Like…

Not supported? Not interested!

Not supported? Not interested!

Nothing in this life irks me more than the sheer volume of tripe I get in my inbox every day. So much so in fact, the...

Chunky Monkey

Chunky Monkey

Embracing Chunk It seems to me there is an ongoing plethera of mess ups when it comes to data entry. Especially when...