Displaying articles with tag captcha

Alternatives to CAPTCHA images

Posted by jason, Sat Dec 08 00:20:00 UTC 2007

So, a few days ago, I lamented the use of CAPTCHA on so many web sites, as it seems that the usability issues it causes have been completely overlooked by most developers. I promised I would follow up with some alternatives to this method, so without further adieu…

Mathematical Puzzles

The benefit of this approach is that you can provide random simple problems to solve, normally simple math, without having to distort text. While the user is probably surprised that they would have to tell you what 4 + 3 is to get an account, you can easily explain its purposes. It is generally quick and painless and through random problem creation, you can ensure that bots don’t figure out all your puzzles.

UPDATE: check out a rails plugin that does math based CAPTCHA called less-captcha

Logic Puzzles

If simple math is not your thing, then logic puzzles are another useful alternative. For example, you can ask a user to pick out an obvious color (like black) that is not a part of the colors of a rainbow. You could also ask the user to tell you which animal has feathers…an owl, dog or cat. These items are simple for most humans to comprehend, but complex for a bot to handle programmatically.

E-mail Verification

This method, which involves the system sending a user a quick verification email and having the user respond to that email, has seen some decline in overall use. However, it is still an effective way to weed out unwanted bots from clogging up your account forms. The most obvious downside is that it could hinder the sign-up process if there were any delays in the user getting the message. Add to that the inability to control factors such as the delay, and it makes this a less attractive alternative.

Also, email verification is not a useful method if you are simply trying to verify that a human is making comments on your blog, participating in a chat, etc.

Blank form fields

As of this writing, I have not seen this method used that often, but it seems simple enough. Basically, when you create some type of form (a sign-up page, personal information gatherer, etc.) you insert a couple of extra form fields and then provide instructions to the user to not place any data in the fields. An automated bot will fill out all form fields it encounters, telling the submitted form that the data received is probably from an automated source.

I wonder if you could effective provide extra form fields in the code, but then hide them through opacity settings in CSS. That way, you would ensure that any data entered was from a bot, because the user would not be able to see the hidden form fields.

Manage it yourself

Finally, the most user-friendly of all the options…do the heavy-lifting of sifting through good and bad results yourself. There are tools out there, and most popular blogging engines have spam-filtering (like Akismet for example), that assist in filtering out submitted form data, posts, etc., but there will still be some manual aspect of it. Ultimately, you must decide if it is worth adding a barrier between you and potential customers or interactions just to save you a few minutes of grief each week.

Generally speaking, it is just a bad idea to use CAPTCHA methods that utilize distorted imagery anywhere on your web site. Consider your parents or grandparents…would they have an issue using that method if they were trying to sign up for your web site? The last thing you want to do is make it challenging for someone to use your app, get involved in your blog or join your community.

Just do the right thing.

1 comment | Filed Under: | Tags: CAPTCHA captcha

Captcha is a usability nightmare

Posted by jason, Sat Dec 01 00:09:00 UTC 2007

CAPTCHA

My guess is that you have seen one of these widgets on the Internet in the last few months.

Spam has branched out with a vengeance and is no longer just a threat to the sanity of your email inbox. From blogs to web forms to twitter, bots are attacking anything that is remotely accessible to automated data entry. This, in the simplest of cases, presents headaches for blog owners and site administrators and in the worst of cases, can render applications useless, similar to a DOS attack.

This is very unfortunate.

CAPTCHA, which stands for “Completely Automated Public Turing (Test to Tell) Computers (and) Humans Apart, is meant to do just that…force the humans to do something that bots would not be able to do if they were spidering through a site…in the case above, discern some distorted letters and enter them into a form before continuing. The often-noticed downside is that due to the cleverness of developers, CAPTCHA has had to become so bizarre-looking, it has introduced a frustrating experience to users who want to simply sign up for a web site or application.

In essence, developers have chosen to place the onus and (ultimately) frustration on their users instead of dealing with the issue of spam themselves. Beyond the obvious accessibility issues (which have been addressed by some methods, including audio), CAPTCHA can take a simple sign-up form and make it a negative and delayed experience…not the first impression you want to make with your site or application. The truth is that I have struggled with correctly answering CAPTCHA widgets like the one above, so I can only imagine what it would be like for my parents, grandparents, people with even slight vision impairment, etc.

While I don’t want to put the blame solely on Google, it seems that they were one of the first companies to mainstream this approach…and it is sad that it has caught on like it has. In my opinion, CAPTCHA is a poor interaction to force a user to contend with. Simply put, there have to be better alternatives out there. In my follow-up article, I will highlight some alternative methods to using CAPTCHA. Hopefully, we can find better solutions that will remove this ugly addition to the cost that users must pay for irresponsible behavior on the web.

0 comments | Filed Under: User Experience | Tags: CAPTCHA captcha

Fighting Blog Spam

Posted by ben, Thu Feb 01 10:10:00 UTC 2007

I was blown away by the amount of blog spam this blog has already brought in considering that it is brand new and readership isn’t really up yet. So, I installed 2 WordPress plugins that seem to stop it in its tracks.

The first is Akismet, which is a spam filter that works much like a spam filter on your email. It seems to work really well, but I also wanted to prevent most of the spam from even getting to that point so I chose an easy to read CAPTCHA system called Peter’s Custom Anti-Spam. It is an easy to read CAPTCHA based off of phonetic words so it a lot easier on people trying to post comments. This also means that it is easier for some bots to read, those few bots that were obviously written by pure evil, but their post will get stopped by the first plugin.

2 comments | Filed Under: | Tags: CAPTCHA