Need suggestions / ideas for easy to use but safe captchas

For starters, I am well aware of the trade-off between security and usability associated with captchas, and do not need any explanation.

I know that reCAPTCHA is a modern captcha technology, but we just do not want to use it for our site because of the difficulty with which users read distorted words. Our site is an educational portal for students offering online courses, so users will be students (going to the certificate level) and teachers.

I was looking for different ideas and found some good ones, such as: -

My goal is to ask this question - get as many ideas as possible. I think there are still many convenient but safe ways to finalize.

Please pay attention to the pros and cons of the method that you offer, with reference to the way spam bots work. I do not really understand many of their strengths and weaknesses.

Thanks,

Sandeepan

+1
captcha
3 answers

Reading distorted words is one thing, but asking legitimate users to go into things like this can be quite annoying. Therefore, it is important that you do not burden the user with anti-spam measures.

Damien Katz used a negative captcha to stop spam bots. This method, also called the honeypot field, is easy to implement and does not require the user to do anything.

A more sophisticated implementation of honeypot is described by Ned Batchelder. It includes randomized field names and hashed values to make sure the bots have not faked the form.

In his article, he states the following:

Spammers do not make software that can send messages in any form; they make software that can send messages in many forms.

Thus, it just requires a simple trick to confuse most spam bots. A little more magic will take care of the remaining bots.


As for the Sesame Street solution, asking a simple question or choosing the right animal from the list: these are questions that are difficult for spam bots, but they can be difficult for users. Especially if your site has an international audience, people with a first language other than English may have a problem understanding the questions. It may not be a problem with your audience, but it is something to remember.

+1
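A sketch of the honeypot with randomized field names and hashed values described in the answer above, added here as an example; it is not code from the answer or from Ned Batchelder's article. The secret, field names, expiry window and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"     # assumption: per-site secret kept server-side
MAX_AGE = 3600                          # assumption: a rendered form is valid for one hour
REAL_FIELDS = ("name", "comment")       # fields a human sees and fills in
HONEYPOT_FIELDS = ("email", "website")  # rendered but hidden with CSS; humans leave them empty


def _mac(*parts):
    """Keyed hash over the given strings; clients cannot compute it without SECRET."""
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def _field_names(spinner):
    # Every logical field gets an opaque name that changes with each spinner value.
    return {f: _mac("field", spinner, f)[:16] for f in REAL_FIELDS + HONEYPOT_FIELDS}


def render_form(client_ip, now=None):
    """Return (hidden inputs, logical name -> randomized name) for one form render."""
    ts = str(int(time.time() if now is None else now))
    spinner = _mac("spinner", ts, client_ip)
    return {"ts": ts, "spinner": spinner}, _field_names(spinner)


def check_submission(post, client_ip, now=None):
    """Return (True, real field values) or (False, reason) for a posted dict."""
    now = time.time() if now is None else now
    ts, spinner = post.get("ts", ""), post.get("spinner", "")
    expected = _mac("spinner", ts, client_ip)
    if not (ts.isascii() and ts.isdigit()) or not hmac.compare_digest(
            spinner.encode(), expected.encode()):
        return False, "spinner mismatch"   # forged, replayed from another IP, or edited
    if not 0 <= now - int(ts) <= MAX_AGE:
        return False, "form expired"       # stale capture being replayed
    names = _field_names(spinner)
    if any(post.get(names[f], "") for f in HONEYPOT_FIELDS):
        return False, "honeypot filled"    # only software fills invisible fields
    return True, {f: post.get(names[f], "") for f in REAL_FIELDS}
```

Rejected submissions are best answered with the same response a successful post would get, so the sender learns nothing about which check failed.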

One of my colleagues was presented with a series of random images of things like tea cups, boats, cats, etc. with flags and ask the user to tag all the cats (say) or perhaps a boat and a tree.

Images were fairly simple two-color icons, although real photos could be used if necessary.

Just make sure your image names are not representative of their contents.

+1

Firstly, ASP.NET has a control that is not really a "captcha", but actually quite the opposite - a very simple script that ensures that the visiting program can evaluate JavaScript. This eliminates all but the most complex scrapers, especially if there is a structure in the JavaScript test that changes (i.e. it's not just var y = 2; var x = y + (random number from the server), check (x)).

Google and Craigslist use phone numbers that indicate that the nasty bot has at least access to the number of SMS-compatible numbers (or voice recognition + voice line).

My favorite captcha is clicking on something that the computer cannot recognize, for example, selecting a cat from a short list of animal images.

It is important to consider the availability and ease of implementation that reCAPTCHA does very well.

+1