alternative to captcha image?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

schgrypt
Forum Newbie
Posts: 17
Joined: Thu Jan 29, 2009 6:34 am

Re: alternative to captcha image?

Post by schgrypt »

Hello everyone,

personally I am no big fan of captchas. Even the sophisticated ones with audio help are unsolveable for quite a lot of people due to some sort of handicap, may it be a disability or just not enough experience with the medium. And for those who can solve them without problems, they are still a pain in the ass.

The "click-on-the-right-picture" idea is much more user friendly but still evil in terms of accessability, as already mentioned by Chris. I chose a similar approach by generating a picture with a ring on it, the users were recognized as humans by clicking close enough on the ring.

Trying my best to develop accessible websites it seemed to be a bad joke putting something like a captcha on the pages.

The "logic" approach with asking questions I didnt even try - as you can read, english isnt my native tongue and I also face users from different countries. The language barrier is very quick too high then/a too strong limitation of the audience of a site.

What has been working well for me is a combination of several simple ways to "rate" the user. F.e. I always include a timestamp to my forms and check it on submission - most bots submit under 10s after the request (this doesnt work for certain forms like logins, of course). Invisible Fields with the label "Leave this field empty" (language barrier, I know) which arent empty on submission increase the rating as well as the usual suspicions like too many urls containing "vi.ag.ra!" etc.

Is a user rated high, I check his data with some service like Defensio.com and finally display a captcha.

Until now this works perfectly for me and I didnt hear any complaints about accessability issues, yet.

Hope to hear your thoughts on this subject, greetings
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: alternative to captcha image?

Post by Benjamin »

One could always display a picture of the form.. er.. .. I don't know where I'm going with this..
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Re: alternative to captcha image?

Post by jayshields »

Anyone who is concerned with the security of CAPTCHAs should just code their own. It doesn't matter what it is, and it can be painstakingly simple. If you're website isn't huge, then no one's going to be bothered coding a bot just to spam your one small website.
schgrypt
Forum Newbie
Posts: 17
Joined: Thu Jan 29, 2009 6:34 am

Re: alternative to captcha image?

Post by schgrypt »

I agree, but the question was more if there are any clever alternatives to captchas than how to make them safer, no?

At least for myself the first point is much more interesting :lol:
djlest
Forum Newbie
Posts: 3
Joined: Mon Feb 09, 2009 4:08 am

Re: alternative to captcha image?

Post by djlest »

any one tried REVERSE CAPTCHA METHODS?>

http://www.ccs.uottawa.ca/webmaster/rev ... ptcha.html
schgrypt
Forum Newbie
Posts: 17
Joined: Thu Jan 29, 2009 6:34 am

Re: alternative to captcha image?

Post by schgrypt »

Yes, I was actually refering to this with my "invisible field".

The big challenge using this method is to make sure your users don't get caught by your "trap" (= you have to "mark it" somehow being a false-field, think of screenreader users for example) and that at the same time this marker isn't too obvious as well.

As already mentioned before, techniques are as long "safe" as the cost of adapting the bots to them is bigger than the benefit their authors get from breaking your safety.

I always recommend to combine some techniques. Its more likely to prevent you from making your users angry by mistakingly identifying them as bots and increases your security.
Post Reply