Log in
It's never been easier to join the growing Companion Bot family; here’re 4 clever creations from some of our favorite bot makers!
The post How to “Make” Friends – 4 Clever Companion Bots appeared first on Make: DIY Projects and Ideas for Makers.
|
Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
|
Pennsylvania, USA
The Story Behind WindowSill’s Extensibility
If you’re a .NET dev building desktop apps with the Windows App SDK, you’ve probably hit that point where “just ship a feature” turns into “I really need this to be extensible.” You want plugins, not hardcoded menus. You want other people to bolt on UI and behavior without you cutting a new release every time.
WindowSill leans all the way into that idea. It’s an AI-powered command bar for Windows where each “sill” is an extension: a NuGet package with metadata, APIs to implement, and its own UI. Think VS Code or Office add-ins, but for a command bar that can grow in directions the original author never planned.
That architecture choice is the interesting part: extensions are installed into local app data, loaded dynamically, and allowed to bring their own XAML. On paper, that’s exactly the kind of flexibility you want. In practice, it runs straight into WinUI 3’s assumptions about compiled XAML and PRI files living in the app install folder. As soon as an extension tries to surface UI, the resource system taps out.
This post walks through how Etienne worked around that limitation by shifting to code-first UI with Uno Platform’s C# Markup, then later folded in a community workaround (DynamicXaml) to bring “normal” XAML back into the mix. By the end, you’ll have a concrete pattern for building dynamically loaded UI in .NET – when to reach for C# Markup, when XAML still makes sense, and how to design your own extensible app so it doesn’t collapse the moment you step off the happy path.
The Technical Hurdle: When XAML Doesn’t Load
WindowSill has an extensibility mechanism. Each “sill” or “command bar” you see in the UI is powered by an extension, which is nothing more than NuGet package with extra metadata and implementation of some API entry-points. They work similarly to Visual Studio extensions, Visual Studio Code extensions or Office adds-in. Extensions are installed in the app’s local data and loaded dynamically at runtime.
WindowSill is developed in WinUI3. For resource management, such as strings from RESW files or XAML, a `.pri` file is generated at built time for each WinUI3 project. A PRI file (Package Resource Index) is essentially a binary lookup table mapping resource keys (like “Resources/String1”) to assets. It’s part of the resource loading system used by XAML, ResourceLoader, and ResourceManager.
By design, WinUI3 apps expect all .pri files to be in the application installation folder. However, in the case of WindowSill, since extensions are installed in the app’s local data folder and not the installation folder (due to the importance of isolating extensions from the rest of the app), extension’s .pri files can’t be found by WinUI3. This cause extensions to crash as soon as they try to surface a UI coded using compiled XAML.
A potential workaround have been explored though: XamlReader.Load(string). This method allows to read a XAML file on the fly. But it comes with its own caveat. For example, {ThemeResources} are not supported. {x:Bind} is also not supported. Therefore, we need to use {Binding} and set the DataContext are runtime. Similarly, the code behind (often placed in a `.xaml.cs`) and FindName are not supported.
This means that in order to access a control that is deep in the visual tree of the XAML we loaded, we need to iterate through various children until finding the control we desire. .
This isn’t ideal as it makes the whole developer experience cumbersome.
Another workaround is to create all the UI using C#. Create a new instance of TextBox, Buttons and set their properties directly when our sill / UI should be presenter.
The Workaround: Bringing Uno Platform’s C# Markup into the Picture
This is where Uno Platform’s C# Markup became ideal. It provides a declarative, fluent API for defining WinUI/Uno XAML user interfaces directly in C# code, without relying on compiled XAML or PRI-based resource resolution. While it is just like creating instances of TextBox of Button manually like mentioned above, it comes with a set of features that makes it much more pleasant to write. For example, Binding are much more simplified, making MVVM easier to implement
// Before
DataContext = new CounterViewModel();
var button = new Button
{
Content = "Increment"
};
button.SetBinding(
Button.CommandProperty,
new Binding
{
Path = new PropertyPath(nameof(CounterViewModel.IncrementCommand)),
Mode = BindingMode.OneWay
});
Content = new StackPanel
{
Children = { button }
};
// After
DataContext(
new CounterViewModel(),
(view, viewModel) => view
.Content(
new StackPanel()
.Children(
new Button()
.Content("Increment")
.Command(x => x.Binding(() => viewModel.IncrementCommand).OneTime())
)
)
);
Coupled with an awesome support of auto-completion in Visual Studio which surfaces the C# Markup’s extension methods instantly, this simple “trick” made the development of UI for WindowSill extensions much faster and smoother, bypassing the limitation of XAML and Pri files, along with making C#-based UI creation much easier.
The Breakthrough: When XAML Became Possible Again
Later on during WindowSill development, and thanks to the awesome support of Windows App Community, another workaround has been discovered, allowing to make WinUI3 loading PRI files even when they are not in the application installation folder. DynamicXaml, a C++ library for UWP and WinUI3 made by Ahmed Walid, hacks into WinUI3 API to load PRI files any time. It hooks up the ResourceManager, allowing it to load any PRI file and map resources accordingly.
Thanks to this, WindowSill extension developers can also use regular XAML, even with `{x:Bind}` and code behind. There’s no need of extra work for developers as WindowSill will automatically look for PRI files and load them on startup, making the developer experience seamless. This gives a great flexibility, as developers can now choose between declarative (XAML) or fluent (C# Markup) styles depending on needs and preference. When the UI is simple enough, C# Markup can make a lot of sense. When the UI becomes complex, a traditional XAML approach is probably preferred.
Real Extensions, Real Use Cases
Here is an example with WindowSill’s URL Helper extension, which allows to shorten any URL selected in any app (such as Microsoft Edge, Notepad, Evernote, Notion, etc.).
The snippet below allows you to get the UI you can see inn the popup appearing above “Shorten URL”:
var shortenURLSillPopupViewModel = new ShortenURLSillPopup(currentSelection);
return new SillPopupContent(shortenURLSillPopupViewModel.OnOpening)
.Width(350)
.DataContext(
shortenURLSillPopupViewModel,
(view, viewModel) => view
.Content(
new Grid()
.Padding(8)
.ColumnSpacing(8)
.HorizontalAlignment(HorizontalAlignment.Stretch)
.ColumnDefinitions(
new ColumnDefinition() { Width = new GridLength(1, GridUnitType.Star) },
new ColumnDefinition() { Width = GridLength.Auto }
)
.Children(
new TextBox()
.Grid(column: 0)
.VerticalAlignment(VerticalAlignment.Center)
.IsReadOnly(true)
.IsEnabled(x => x.Binding(() => viewModel.GeneratedUrl).Convert(url => !string.IsNullOrEmpty(url)))
.PlaceholderText("/WindowSill.URLHelper/ShortenURL/UrlTextBoxPlaceholderText".GetLocalizedString())
.Text(() => viewModel.GeneratedUrl),
new Button()
.Grid(column: 1)
.Style(x => x.ThemeResource("AccentButtonStyle"))
.VerticalAlignment(VerticalAlignment.Stretch)
.IsEnabled(x => x.Binding(() => viewModel.GeneratedUrl).Convert(url => !string.IsNullOrEmpty(url)))
.MinWidth(64)
.ToolTipService(toolTip: "/WindowSill.URLHelper/ShortenURL/CopyButtonToolTip".GetLocalizedString())
.Command(() => viewModel.CopyCommand)
.Content(
new Grid()
.Children(
new ProgressRing()
.IsIndeterminate(x => x.Binding(() => viewModel.GeneratedUrl).Convert(url => string.IsNullOrEmpty(url)))
.Height(16)
.Width(16),
new TextBlock()
.Visibility(x => x.Binding(() => viewModel.GeneratedUrl).Convert(url => string.IsNullOrEmpty(url) ? Visibility.Collapsed : Visibility.Visible))
.Text("/WindowSill.URLHelper/ShortenURL/Copied".GetLocalizedString())
)
)
)
)
);
This is what you can build once you remove the constraints. WindowSill’s GitHub contains the source code of all built-in extensions, which are a great source of sample for extension developer in addition to the official documentation.
Lessons for Developers: Dynamic UI Beyond XAML
If you’re building extensible .NET apps – plugins, extensions, or “mini-apps inside the app” – WindowSill is a useful reality check. At some point, your UI stops being something you compile once and ship, and starts being something you have to compose at runtime.
In that world, a few patterns from this story are worth keeping in your mental toolbox.
Dynamic UI pushes you toward code-first
Once extensions live outside your main app package, a lot of “normal” XAML assumptions break:
PRI files aren’t where WinUI expects them
Compiled XAML can’t see resources the way you’d like
You don’t control when or how extension assemblies show up
At that point, defining UI in code stops being a stylistic preference and becomes the simplest way to keep things working. You still care about clean structure and maintainability – you just can’t rely on the usual build-time pipeline.
C# Markup makes code-first ergonomic, not painful
Etienne could have hand-wired new Button { … } trees everywhere, but that gets unreadable fast. UnoPlatform’s C# Markup fixes the usual pain points:
You keep strong typing and tooling support
Bindings stay concise enough that MVVM still feels natural
Layout and visual structure are expressed in a way that’s easy to refactor and share
C# Markup doesn’t just “cover” for a missing feature – it turns the limitation into a design strength. Extension UIs become easier to generate, test, and evolve as regular C# code.
Uno Platform is modular – even in a Windows-only world
None of this required “going full cross-platform” or rewriting the app on Uno Platform. WindowSill is still a Windows App SDK / WinUI 3 app. Uno Platforms C# Markup is being used as a targeted tool to solve one specific class of problem: dynamic, extensible UI.
That mindset scales:
You can adopt Uno Platform pieces incrementally
You can pull in C# Markup where XAML is awkward or impossible
You don’t have to change your whole stack to benefit from the ecosystem
Design for options, not one permanent answer
Later in the project, DynamicXaml made it possible to load PRI files and use “normal” XAML again – including {x:Bind} and code-behind – even for extensions. Because the architecture wasn’t locked into one approach, WindowSill could keep both:
C# Markup for simple, highly dynamic or code-friendly UIs
XAML for more complex layouts where designers and XAML tooling shine
The bigger takeaway: flexible architecture pays off when the ecosystem moves. New libraries, hacks, and community discoveries can slot in without forcing a rewrite.
If this resonated with the kind of problems you’re solving, here are a few concrete next steps:
- Try WindowSill – See the extensibility model in a real app
- Explore Uno C# Markup – Start with the Uno docs and try rebuilding one small screen in fluent C#.
- Join the Uno community – Share your own extension / plugin stories or ask questions about C# Markup patterns.
The post Overcoming WASDK’s XAML Limitation with Uno Platform’s C# Markup: appeared first on Uno Platform.
Pennsylvania, USA
Another set of updates for the 2025.3 versions of ReSharper and Rider has just been released. Let’s take a look at what’s been improved.
ReSharper 2025.3.0.3
The most notable fix of this build is that extension methods from source-only NuGet packages are now recognized correctly in the editor and by InspectCode. [RSRP-502165]. You can find the complete list of issues resolved in this build on our issue tracker.
Rider 2025.3.0.3
The update brings the following fixes:
- Automatic package restore now works correctly again. [RIDER-132445]
- Rider now correctly detects the ApplicationId from the Android manifest in .NET MAUI projects. [RIDER-132426]
- Occurrence markers are now shown correctly on the scrollbar again when placing the caret on a symbol in C# code. [RIDER-132306]
- Identifier-under-cursor markers are now shown correctly in the error stripe gutter again. [RIDER-132345]
- Solution-Wide Analysis performance has been restored. Code analysis no longer pauses for several seconds after edits, and highlights update instantly again. [RIDER-132309]
- Find in Files now returns results reliably again. [RIDER-132487]
- A regression in the Blazor editor support that prevented Razor files from loading has been fixed. [RIDER-132327]
- Extension methods from source-only NuGet packages are now recognized correctly in the editor and by InspectCode. [RSRP-502165]
For the full list of issues we’ve resolved in this build, please refer to our issue tracker.
You can download the latest builds from our website (Rider, ReSharper) or via the Toolbox App. You can also update Rider as a snap.
Pennsylvania, USA
The ultimate goal of platform engineering is not straightforward and deserves nuanced consideration. Platform engineering is a discipline, within the cloud native world, that serves as an aid to streamline workflows and ensure consistency. But that’s not all.
While it is true that platform engineering is fundamental to building internal tools that optimize operations and facilitate platform teams, its ultimate impact extends further than managing complex sets of organizational and technical practices.
In essence: Platform engineering is not an end in itself, because the core value of platform engineering initiatives lies in application development.
Understanding that platform engineering pursues a further goal and internal developer platforms (IDPs) serve a broader scope, means to acknowledge that the platform itself is a conduit and application development is the true enabler of value generation, distribution and maintenance.
IDP: Your Self-Service Foundation To Boost Productivity
The shift from traditional, often cumbersome, infrastructure provisioning to a self-service model is somehow revolutionary for application development. Historically, developers have faced significant delays and friction due to heavy reliance on other teams even for basic infrastructure and operational needs.
IDPs have greatly eased developers from most of their cognitive burden, allowing them to perform with unmatched speed and focus on innovation, business logic and distribution of value rather than underlying complexities.
Basically, IDPs turn infrastructure resources, tools and services into highly functional and automated components to get the job done faster, smoother and more securely. The developer becomes a craftsman entitled to build applications, relying on a solid foundation with ready-made tools.
The gateway to such a foundation is the internal developer portal: a consolidated and intuitive interface that gives seamless access to platform capabilities and resources with service discoverability, documentation, scaffolding templates and customizable dashboards.
Developers can single-handedly provision and configure their own resources by following predetermined best practices and recommendations, while pre-approved tools and configurations ensure total alignment with security, architecture and compliance guidelines that developers and even AI agents can actively use.
Accelerate The Entire Development Life Cycle
Platforms aim to consolidate and industrialize the end-to-end software production process within a single hub, granting velocity, governance and compliance at every stage beyond just backend or API provisioning. Here are some examples:
- A developer wants to create a new microservice and expose it via an API endpoint. Instead of manually configuring routing, load balancing and security policies, they use the platform’s self-service interface to define the new service and its endpoint. The platform automatically provisions the necessary infrastructure, sets up routing via an API gateway and applies default security measures, making the service immediately accessible and secure.
- A frontend developer needs to build a complex, modular user interface by integrating multiple components and legacy systems. Rather than coding everything from scratch, the developer can use a no-code/low-code tool. This allows visually assembling pages by dragging and dropping pre-built components (tables, forms, charts) and integrating micro-frontends built with different technologies or even legacy applications through iFrames. The platform accelerates frontend creation, ensures consistency and reduces integration complexity, enabling faster delivery of a polished user experience without deep frontend framework expertise.
- AI-native platforms with integrated AI assistants and Model Context Protocol (MCP) servers can streamline processes even more, enabling multiple use cases and bringing in diverse roles. A chief information security officer can ask the assistant to generate an audit report for all configuration changes in a specific project over the last month, including who made each change and when. The MCP server is the middleware that allows context-aware interactions between AI systems and enterprise live data, enforcing monitoring and compliance without manual efforts.
From Productivity To Accelerated Business Results
The platform’s value is directly proportional to the speed at which developers can release new features and solutions. Reduced cognitive load for developers means they can concentrate on creative problem-solving and efficient implementation of business logic.
Think about a self-service film studio fully equipped with state-of-the-art cameras, lighting and sound stages, all readily accessible. Easily, the true value is not the studio itself, but the blockbuster films (applications) that the directors and crew (developers) can now produce seamlessly, faster and at a higher quality, because they have immediate, on-demand access to every tool they need, significantly boosting their creative output and productivity.
In essence, a modern manufacturing assembly line — the developer platform — is valuable not because of its sophisticated machines, but because it enables the production of finished products, or developed applications, at an unprecedented rate, making the company meet market demand and grow.
The impact of a self-service approach is actually measurable: This velocity translates to business metrics like reduced time to market, increased deployment frequency, faster experimentation and a quicker response to competitor actions. Therefore, benefits are substantial for both developers and organizations: Complete autonomy, infrastructure and operational standardization, accelerated deployments, scalable automation and enhanced productivity, accelerate the software development life cycle (SDLC )and increase the return on investment (ROI).
Self-Service App Development: Discover, Compose, Reuse
Self-service application development is achievable through modular approaches such as composability.
If the internal developer portal is the interactive veil bridging the actionable software and hidden assets, the software catalog is the foundational registry to discover and organize these assets. Composable platforms often feature a prominent marketplace, which is a more visible and manifested counterpart of the software catalog and typically includes templates, plugins, APIs, data bundles and applications.
At the heart of composability, there’s the principle of assembling new solutions or modifying existing ones. This approach not only speeds up the SDLC but also offers greater resource visibility to other functional areas, minimizing redundancy.
Intelligent dashboards and AI agentic workflows can significantly enhance the entire process, assisting developers with routine tasks and debugging, providing context-aware iterations tailored to specific needs or supporting informed business decisions.
Developers as Customers, Value as the Outcome
Platform engineering isn’t an end in itself. Its core premise lies in a strategic initiative whose primary purpose is to help developers build applications.
Somehow, the platform acts as a product and its developers perform as active customers. But a platform can be a successful product only if its infrastructure remains invisible to the developers. In other words, a curated ecosystem that allows developers to focus only on solving business problems and producing value for the organization.
Platform engineering realizes tangible ROI when it directly empowers application developers and product teams, triggering a virtuous cycle of cost savings, risk reduction and increased revenue.
Organizations that successfully implement a holistic internal platform might have more possibilities to ensure long-term growth and innovation, becoming more agile and responsive to market demands.
By prioritizing the developer experience and equipping software engineers with robust, self-service tools, platform engineering directly fuels the engine of business value and market competitiveness.
The post Platform Engineering’s True Value Is in Application Development appeared first on The New Stack.
Pennsylvania, USA
Exploring how experimenting with Three.js, React Three Fiber, and GSAP shaped the final experience.
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-05-29-at-16.07.48.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/test-layout-copie-2.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/portal.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-07-24-at-15.33.01.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/project-titles-copie-2.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-11-10-at-12.17.59.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/morph-svg-copie.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/morph-svg-final.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-09-23-at-10.25.21.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-11-10-at-19.03.08.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-05-29-at-16.07.48.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/test-layout-copie-2.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/portal.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-07-24-at-15.33.01.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/project-titles-copie-2.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-11-10-at-12.17.59.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/morph-svg-copie.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/morph-svg-final.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-09-23-at-10.25.21.mp4?x49452
Download video: https://codrops-1f606.kxcdn.com/codrops/wp-content/uploads/2025/11/Kapture-2025-11-10-at-19.03.08.mp4?x49452
Pennsylvania, USA
The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has become ingrained in internet browsing since personal computers gained momentum in the consumer electronics market. For nearly as long as people have been going online, web developers have sought ways to block spam bots.
The CAPTCHA service distinguishes between human and bot activity to keep bots out. Unfortunately, its methods are less than precise. In trying to protect humans, developers have made much of the web inaccessible to people with disabilities.
Authentication methods, such as CAPTCHA, typically use image classification, puzzles, audio samples, or click-based tests to determine whether the user is human. While the types of challenges are well-documented, their logic is not public knowledge. People can only guess what it takes to “prove” they are human.
A CAPTCHA is a reverse Turing test that takes the form of a challenge-response test. For example, if it instructs users to “select all images with stairs,” they must pick the stairs out from railings, driveways, and crosswalks. Alternatively, they may be asked to enter the text they see, add the sum of dice faces, or complete a sliding puzzle.
Image-based CAPTCHAs are responsible for the most frustrating shared experiences internet users have — deciding whether to select a square when only a small sliver of the object in question is in it.
Regardless of the method, a computer or algorithm ultimately determines whether the test-taker is human or machine. This authentication service has spawned many offshoots, including reCAPTCHA and hCAPTCHA. It has even led to the creation of entire companies, such as GeeTest and Arkose Labs. The Google-owned automated system reCAPTCHA requires users to click a checkbox labeled “I’m not a robot” for authentication. It runs an adaptive analysis in the background to assign a risk score. hCAPTCHA is an image-classification-based alternative.
Other authentication methods include multi-factor authentication (MFA), QR codes, temporary personal identification numbers (PINs), and biometrics. They do not follow the challenge-response formula, but serve fundamentally similar purposes.
These offshoots are intended to be better than the original, but they often fail to meet modern accessibility standards. Take hCaptcha, for instance, which uses a cookie to let you bypass the challenge-response test entirely. It’s a great idea in theory, but it doesn’t work in practice.
You’re supposed to receive a one-time code via email that you send to a specific number over SMS. Users report receiving endless error messages, forcing them to complete the standard text CAPTCHA. This is only available if the site explicitly enabled it during configuration. If it is not set up, you must complete an image challenge that does not recognize screen readers.
Even when the initial process works, subsequent authentication relies on a third-party cross-site cookie, which most browsers block automatically. Also, the code expires after a short period, so you have to redo the entire process if it takes you too long to move on to the next step.
Why Do Teams Use CAPTCHA And Similar Authentication Methods?CAPTCHA is common because it is easy to set up. Developers can program it to appear, and it conducts the test automatically. This way, they can focus on more important matters while still preventing spam, fraud, and abuse. These tools are supposed to make it easier for humans to use the internet safely, but they often keep real people from logging in.
These tests result in a poor user experience overall. One study found users wasted over 819 million hours on over 512 billion reCAPTCHA v2 sessions as of 2023. Despite it all, bots prevail. Machine learning models can solve text-based CAPTCHA within fractions of a second with over 97% accuracy.
A 2024 study on Google’s reCAPTCHA v2 — which is still widely used despite the rollout of reCAPTCHA v3 — found bots can solve image classification CAPTCHA with up to 100% accuracy, depending on the object they are tasked with identifying. The researchers used a free, open-source model, which means that bad actors could easily replicate their work.
Why Should Web Developers Stop Using CAPTCHA?Authentication methods like CAPTCHA have an accessibility problem. Machine learning advances forced these services to grow increasingly complex. Even still, they are not foolproof. Bots get it right more than people do. Research shows they can complete reCAPTCHA within 17.5 seconds, achieving 85% accuracy. Humans take longer and are less accurate.
Many people fail CAPTCHA tests and have no idea what they did wrong. For example, a prompt instructing users to “select all squares with traffic lights” seems simple enough, but it gets complicated if a sliver of the pole is in another square. Should they select that box, or is that what an algorithm would do?
Although bot capabilities have grown by magnitudes, humans have remained the same. As tests get progressively more difficult, they feel less inclined to attempt them. One survey shows nearly 59% of people will stop using a product after several bad experiences. If authentication is too cumbersome or complex, they might stop using the website entirely.
People can fail these tests for various reasons, including technical ones. If they block third-party cookies, have a local proxy running, or have not updated their browser in a while, they may keep failing, regardless of how many times they try.
Authentication Issues With CAPTCHADue to the reasons mentioned above, most types of CAPTCHA are inherently inaccessible. This is especially true for people with disabilities, as these challenge-response tests were not designed with their needs in mind. Some of the common issues include the following:
Issues Related To Visuals And Screen Reader Use
Screen readers cannot read standard visual CAPTCHAs, such as the distorted text test, since the jumbled, contorted words are not machine-readable. The image classification and sliding puzzle methods are similarly inaccessible.
In one WebAIM survey conducted from 2023 to 2024, screen reader users agreed CAPTCHA was the most problematic item, ranking it above ambiguous links, unexpected screen changes, missing alt text, inaccessible search, and lack of keyboard accessibility. Its spot at the top has remained largely unchanged for over a decade, illustrating its history of inaccessibility.
Issues Related To Hearing and Audio Processing
Audio CAPTCHAs are relatively uncommon because web development best practices advise against autoplay audio and emphasize the importance of user controls. However, audio CAPTCHAs still exist. People who are hard of hearing or deaf may encounter a barrier when attempting these tests. Even with assistive technology, the intentional audio distortion and background noise make these samples challenging for individuals with auditory processing disorders to comprehend.
Issues Related To Motor And Dexterity
Tests requiring motor and dexterity skills can be challenging for those with motor impairments or physical disabilities. For example, someone with a hand tremor may find the sliding puzzles difficult. Also, the image classification tests that load more images until none that fit the criteria are left may pose a challenge.
Issues Related To Cognition And Language
As CAPTCHAs become increasingly complex, some developers are turning to tests that require a combination of creative and critical thinking. Those that require users to solve a math problem or complete a puzzle can be challenging for people with dyslexia, dyscalculia, visual processing disorders, or cognitive impairments.
Why Assistive Technology Won’t Bridge The GapCAPTCHAs are intentionally designed for humans to interpret and solve, so assistive technology like screen readers and hands-free controls may be of little help. ReCAPTCHA in particular poses an issue because it analyzes background activity. If it flags the accessibility devices as bots, it will serve a potentially inaccessible CAPTCHA.
Even if this technology could bridge the gap, web developers shouldn’t expect it to. Industry standards dictate that they should follow universal design principles to make their websites as accessible and functional as possible.
CAPTCHA’s accessibility issues could be forgiven if it were an effective security tool, but it is far from foolproof since bots get it right more than humans do. Why keep using a method that is ineffective and creates barriers for people with disabilities?
There are better alternatives.
Principles For Accessible AuthenticationThe idea that humans should consistently outperform algorithms is outdated. Better authentication methods exist, such as multifactor authentication (MFA). The two-factor authentication market will be worth an estimated $26.7 billion by 2027, underscoring its popularity. This tool is more effective than a CAPTCHA because it prevents unauthorized access, even with legitimate credentials.
Ensure your MFA technique is accessible. Instead of having website visitors transcribe complex codes, you should send push notifications or SMS messages. Rely on the verification code autofill to automatically capture and enter the code. Alternatively, you can introduce a “remember this device” feature to skip authentication on trusted devices.
Apple’s two-factor authentication approach is designed this way. A trusted device automatically displays a six-digit verification code, so they do not have to search for it. When prompted, iPhone users can tap the suggestion that appears above their mobile keyboard for autofill.
Single sign-on is another option. This session and user authentication service allows people to log in to multiple websites or applications with a single set of login credentials, minimizing the need for repeated identity verification.
One-time-use “magic links” are an excellent alternative to reCAPTCHA and temporary PINs. Rather than remembering a code or solving a puzzle, the user clicks on a button. Avoid imposing deadlines because, according to WCAG Success Criterion 2.2.3, users should not face time limits since those with disabilities may need more time to complete specific actions.
Alternatively, you could use Cloudflare Turnstile. It authenticates without showing a CAPTCHA, and most people never even have to check a box or hit a button. The software works by issuing a small JavaScript challenge behind the scenes to automatically differentiate between bots and humans. Cloudflare Turnstile can be embedded into any website, making it an excellent alternative to standard classification tasks.
Testing And Evaluation Of Accessible Authentication DesignsTesting and evaluating your accessible alternative authentication methods is essential. Many designs look good on paper but do not work in practice. If possible, gather feedback from actual users. An open beta may be an effective way to maximize visibility.
Remember, general accessibility considerations do not only apply to people with disabilities. They also include those who are neurodivergent, lack access to a mobile device, or use assistive technology. Ensure your alternative designs consider these individuals.
Realistically, you cannot create a perfect system since everyone is unique. Many people struggle to follow multistep processes, solve equations, process complex instructions, or remember passcodes. While universal web design principles can improve flexibility, no single solution can meet everyone’s needs.
Regardless of the authentication technique you use, you should present users with multiple authentication options upfront. They know their capabilities best, so let them decide what to use instead of trying to over-engineer a solution that works for every edge case.
Address The Accessibility Problem With Design ChangesA person with hand tremors may be unable to complete a sliding puzzle, while someone with an audio processing disorder may have trouble with distorted audio samples. However, you cannot simply replace CAPTCHAs with alternatives because they are often equally inaccessible.
QR codes, for example, may be difficult to scan for those with reduced fine motor control. People who are visually impaired may struggle to find it on the screen. Similarly, biometrics can pose an issue for people with facial deformities or a limited range of motion. Addressing the accessibility problem requires creative thinking.
You can start by visiting the Web Accessibility Initiative’s accessibility tutorials for developers to better understand universal design. Although these tutorials focus more on content than authentication, you can still use them to your advantage. The W3C Group Draft Note on the Inaccessibility of CAPTCHA provides more relevant guidance.
Getting started is as easy as researching best practices. Understanding the basics is essential because there is no universal solution for accessible web design. If you want to optimize accessibility, consider sourcing feedback from the people who actually visit your website.
Further Reading
- “The CAPTCHA: Perspectives and Challenges,” Darko Brodić and Alessia Amelio
- “Designing Accessible Text Over Images: Best Practices, Techniques, And Resources,” Hannah Milan
- “In Search Of The Best CAPTCHA,” David Bushell
- “WCAG 3.0’s Proposed Scoring Model: A Shift in Accessibility Evaluation,” Mikhail Prosmitskiy
Pennsylvania, USA
Next Page of Stories