CAPTCHA comment

 CastleCops -> General Site
Author: Scott_HollingsworthLocation: USA PostPosted: Wed Oct 31, 2007 1:10 am    Post subject: CAPTCHA comment
Wow, the login CAPTCHA has become rather hard to read. Not just here either. It is a necessary trend I know. I fear we are fast approaching a point where we must find an effective replacement. If CAPTHAs must become any more obfuscated, then the bots will have won that battle.

I don't wish to trigger a discussion over appropriate use of CAPTCHA. But I am interested in thoughts on what can be done to fill the void where they belong when bots are better able to read them than humans.

I'd like to hear some ideas on this. A nod towards accessibility would probably be welcomed by many sight challenged 'net users as well.
Author: Paul PostPosted: Wed Oct 31, 2007 2:04 am    Post subject:
I concur we need to do something better and more sophisticated. This is hopefully a short term measure.
Author: pwillenerLocation: Japan PostPosted: Wed Oct 31, 2007 4:14 am    Post subject:
See also CastleCops Link/t206321-PC_stripper_helps_spam_to_spread.html
Author: ahoierLocation: USA PostPosted: Fri Nov 02, 2007 7:45 pm    Post subject:
Yea, I was just about to mention the reCAPTCHA project Wink It looks very cool hehehe.

The only question I got, is how do they know if the user is entering a "correct" captcha, if they (Internet Archive) can't read the the text themselves? Smile

In fact, over at http://recaptcha.net/learnmore.html I misspelled one of the captchas, and it still said I was "correct"...maybe it lets it through if only 1 character is mispelled...? heheh
Author: brewtLocation: USA PostPosted: Fri Nov 02, 2007 7:59 pm    Post subject:
kittenauth also looks interesting.
Author: Ikeb PostPosted: Sat Nov 03, 2007 1:58 am    Post subject:
ahoier wrote:
The only question I got, is how do they know if the user is entering a "correct" captcha, if they (Internet Archive) can't read the the text themselves? Smile

Dunno about recaptcha but the way I could see this working is that the interloper, upon getting the "mule" input, directs it to the site originating the captcha. Upon successful interpretation, the interloper gives the mule the desired peep show. In the meantime the interloper uses a bot to automate whatever nefarious tasks are at hand.

It's ingenious really ... but a PITA for legit sites who don't really need the bots bypassing CAPTCHA. Sad
Author: Scott_HollingsworthLocation: USA PostPosted: Wed Nov 07, 2007 3:53 am    Post subject:
Here's a thought. Why are most CAPTCHAs in use these days nothing more than obfuscated graphical forms of text with the correct response being the text? I think we need to break from this mold.

Why not have images of things to be identified and the response is to choose the correct identifier among multiple choices?

What about using a mapped graphic with multiple differing elements and instruction to the user to click on one particular element for the response? Or multiple elements clicked in the correct sequence as instructed?
Author: Paul PostPosted: Wed Nov 07, 2007 4:19 am    Post subject:
I'd love to run something like that, but I need help setting up the images. I never did get into graphics.
Author: brewtLocation: USA PostPosted: Wed Nov 07, 2007 4:05 pm    Post subject:
Scott_Hollingsworth wrote:
I think we need to break from this mold.

Why not have images of things to be identified and the response is to choose the correct identifier among multiple choices?
you mean like this?

http://www.asirra.com/examples/ExampleService.html
Code:
artsoft.org/forum/profile.php?mode=register&agreed=true
Author: Scott_HollingsworthLocation: USA PostPosted: Thu Nov 08, 2007 6:04 pm    Post subject:
That asirra.com example does look good. I had to allow javascript though to see it.

I had to pull out my references to verify. I guess both of my suggestions would require javascript to pull off.

That creates a usability dilema in some situations. One must first trust the site's javascript in order to establish trust with the site. This can be confusing for the typical internet user. They are likely to get fed up and allow javascript globally (literally when we are talking the internet).

As they say, security aint easy.
Author: brewtLocation: USA PostPosted: Thu Nov 08, 2007 7:44 pm    Post subject:
The typical user doesn't use noscript.
The typical noscript user would read castlecops before deciding to register or post, and decide it is trustworthy enough to allow javascript when encountering kittenauth.
CastleCops -> General Site

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group