Wow, the login CAPTCHA has become rather hard to read. Not just here either. It is a necessary trend I know. I fear we are fast approaching a point where we must find an effective replacement. If CAPTHAs must become any more obfuscated, then the bots will have won that battle.

I don't wish to trigger a discussion over appropriate use of CAPTCHA. But I am interested in thoughts on what can be done to fill the void where they belong when bots are better able to read them than humans.

I'd like to hear some ideas on this. A nod towards accessibility would probably be welcomed by many sight challenged 'net users as well.

I concur we need to do something better and more sophisticated. This is hopefully a short term measure.

See also /t206321-PC_stripper_helps_spam_to_spread.html

Yea, I was just about to mention the reCAPTCHA project It looks very cool hehehe.

The only question I got, is how do they know if the user is entering a "correct" captcha, if they (Internet Archive) can't read the the text themselves?

In fact, over at http://recaptcha.net/learnmore.html I misspelled one of the captchas, and it still said I was "correct"...maybe it lets it through if only 1 character is mispelled...? heheh

kittenauth also looks interesting.

Here's a thought. Why are most CAPTCHAs in use these days nothing more than obfuscated graphical forms of text with the correct response being the text? I think we need to break from this mold.

Why not have images of things to be identified and the response is to choose the correct identifier among multiple choices?

What about using a mapped graphic with multiple differing elements and instruction to the user to click on one particular element for the response? Or multiple elements clicked in the correct sequence as instructed?

I'd love to run something like that, but I need help setting up the images. I never did get into graphics.

That asirra.com example does look good. I had to allow javascript though to see it.

I had to pull out my references to verify. I guess both of my suggestions would require javascript to pull off.

That creates a usability dilema in some situations. One must first trust the site's javascript in order to establish trust with the site. This can be confusing for the typical internet user. They are likely to get fed up and allow javascript globally (literally when we are talking the internet).

As they say, security aint easy.

The typical user doesn't use noscript.
The typical noscript user would read castlecops before deciding to register or post, and decide it is trustworthy enough to allow javascript when encountering kittenauth.