Page 2 of 2

Re: alternative to captcha image?

Posted: Wed Feb 04, 2009 4:16 pm
by schgrypt
Hello everyone,

personally I am no big fan of captchas. Even the sophisticated ones with audio help are unsolveable for quite a lot of people due to some sort of handicap, may it be a disability or just not enough experience with the medium. And for those who can solve them without problems, they are still a pain in the ass.

The "click-on-the-right-picture" idea is much more user friendly but still evil in terms of accessability, as already mentioned by Chris. I chose a similar approach by generating a picture with a ring on it, the users were recognized as humans by clicking close enough on the ring.

Trying my best to develop accessible websites it seemed to be a bad joke putting something like a captcha on the pages.

The "logic" approach with asking questions I didnt even try - as you can read, english isnt my native tongue and I also face users from different countries. The language barrier is very quick too high then/a too strong limitation of the audience of a site.

What has been working well for me is a combination of several simple ways to "rate" the user. F.e. I always include a timestamp to my forms and check it on submission - most bots submit under 10s after the request (this doesnt work for certain forms like logins, of course). Invisible Fields with the label "Leave this field empty" (language barrier, I know) which arent empty on submission increase the rating as well as the usual suspicions like too many urls containing "vi.ag.ra!" etc.

Is a user rated high, I check his data with some service like Defensio.com and finally display a captcha.

Until now this works perfectly for me and I didnt hear any complaints about accessability issues, yet.

Hope to hear your thoughts on this subject, greetings

Re: alternative to captcha image?

Posted: Wed Feb 04, 2009 5:09 pm
by Benjamin
One could always display a picture of the form.. er.. .. I don't know where I'm going with this..

Re: alternative to captcha image?

Posted: Wed Feb 04, 2009 5:15 pm
by jayshields
Anyone who is concerned with the security of CAPTCHAs should just code their own. It doesn't matter what it is, and it can be painstakingly simple. If you're website isn't huge, then no one's going to be bothered coding a bot just to spam your one small website.

Re: alternative to captcha image?

Posted: Fri Feb 06, 2009 1:41 am
by schgrypt
I agree, but the question was more if there are any clever alternatives to captchas than how to make them safer, no?

At least for myself the first point is much more interesting :lol:

Re: alternative to captcha image?

Posted: Mon Feb 09, 2009 6:15 am
by djlest
any one tried REVERSE CAPTCHA METHODS?>

http://www.ccs.uottawa.ca/webmaster/rev ... ptcha.html

Re: alternative to captcha image?

Posted: Wed Feb 11, 2009 6:12 am
by schgrypt
Yes, I was actually refering to this with my "invisible field".

The big challenge using this method is to make sure your users don't get caught by your "trap" (= you have to "mark it" somehow being a false-field, think of screenreader users for example) and that at the same time this marker isn't too obvious as well.

As already mentioned before, techniques are as long "safe" as the cost of adapting the bots to them is bigger than the benefit their authors get from breaking your safety.

I always recommend to combine some techniques. Its more likely to prevent you from making your users angry by mistakingly identifying them as bots and increases your security.