http://lbrandy.com/blog/2009/10/how-not-to-invent-the-next-gen-captcha/ { on programming and the internets, every monday } Tue, 09 Mar 2010 07:51:25 +0000 http://wordpress.org/?v=2.9.1 hourly 1 http://lbrandy.com/blog/2009/10/how-not-to-invent-the-next-gen-captcha/comment-page-1/#comment-25690 としあき Tue, 20 Oct 2009 19:37:41 +0000 http://lbrandy.com/blog/?p=1096#comment-25690 I think you did not cover one important factor when trying to design a CAPTCHA and that is the characteristics of those humans that are supposed to be able to pass it. Not every CAPTCHA needs to be designed so that /any/ human can solve it. A good example of this is the one used by http://random.irb.hr/signup.php which generally requires higher level mathematical knowledge. This is not unreasonable as if their resource is to be of any use to you you would likely already possess the required skills to solve them. One might even want to require cultural knowledge for a CAPTCHA as this will hinder human CAPTCHA farms being paid per CAPTCHA (however, they can still just send them to people looking for porn to solve). I think you did not cover one important factor when trying to design a CAPTCHA and that is the characteristics of those humans that are supposed to be able to pass it. Not every CAPTCHA needs to be designed so that /any/ human can solve it. A good example of this is the one used by http://random.irb.hr/signup.php which generally requires higher level mathematical knowledge. This is not unreasonable as if their resource is to be of any use to you you would likely already possess the required skills to solve them. One might even want to require cultural knowledge for a CAPTCHA as this will hinder human CAPTCHA farms being paid per CAPTCHA (however, they can still just send them to people looking for porn to solve).

]]> http://lbrandy.com/blog/2009/10/how-not-to-invent-the-next-gen-captcha/comment-page-1/#comment-25689 Jach Tue, 20 Oct 2009 19:18:13 +0000 http://lbrandy.com/blog/?p=1096#comment-25689 Non-image based captchas work just as well in my opinion, if not better. If you're using a third party captcha system lots of other places use, it's bound to be under several attacks. Asking the user a logic question (or "what image is this? (cat/dog/elephant)" works, as does forcing JavaScript on to set a hidden field at the form submit. The future of captchas isn't in fancier images, but in just using a variety of techniques. Non-image based captchas work just as well in my opinion, if not better. If you’re using a third party captcha system lots of other places use, it’s bound to be under several attacks. Asking the user a logic question (or “what image is this? (cat/dog/elephant)” works, as does forcing JavaScript on to set a hidden field at the form submit. The future of captchas isn’t in fancier images, but in just using a variety of techniques.

]]> http://lbrandy.com/blog/2009/10/how-not-to-invent-the-next-gen-captcha/comment-page-1/#comment-25684 Michael Buckbee Tue, 20 Oct 2009 14:27:19 +0000 http://lbrandy.com/blog/?p=1096#comment-25684 I really just wish that there were more CAPTCHA implementations running around (and constantly evolving) so that the price and hassle to the spammers would go up. I really just wish that there were more CAPTCHA implementations running around (and constantly evolving) so that the price and hassle to the spammers would go up.

]]>