Comments on: Making captchas less annoying

By: Jonathan Holland

Jonathan Holland — Tue, 21 Dec 2010 02:04:30 +0000

Very well written! It inspired me to leave my comments. It great to read an article suggesting that programmers not be lazy when coding advanced features such as captchas.

By: John-Paul DeVries

John-Paul DeVries — Wed, 30 Jun 2010 21:44:08 +0000

Would it be possible to create some sort of audio-based captcha for the seeing impaired?

By: Teo from Greece

Teo from Greece — Fri, 21 Dec 2007 20:37:26 +0000

Sorry if this is old news to to you….

Check out http://research.microsoft.com/asirra/
It’s called “Image-recognition CAPTCHAs” and seems very promising

“Image-recognition CAPTCHAs

Some researchers promote image recognition CAPTCHAs as a possible alternative for text based CAPTCHAs. The U.S. financial institution Bank of America has used image-recognition CAPTCHAs as part of the secure login process for their personal banking website.

Image recognition CAPTCHAs face many potential problems which have not been fully studied. It is difficult for a small site to acquire a large dictionary of images which an attacker does not have access to. Without a means of automatically acquiring new labelled images, an image based challenge does not meet the definition of a CAPTCHA. Some current image recognition CAPTCHAs ask the user to make a binary choice (such as “Is this a cat or a dog?”).Even with just sixteen images, a bot has a 1 in 65536 (2^16) chance of getting the image right every time. In order to be effective against a botnet attack, the user would be forced to solve a prohibitively large number of images.”

By: Keith

Keith — Wed, 19 Dec 2007 23:04:29 +0000

Some CAPTCHAs are better than others. Blogger’s isn’t too bad. Signing up for AIM, however, proved to be nearly impossible. It’s also been noted that spammers can always hire cheap labor to break through CAPTCHAs, rendering them useless.

Now, Blogger’s CAPTCHAs are weird. They have a timeout. So, if you have the comment form in another tab, the CAPTCHA might be invalid by the time you get there. Also, getting a pass and not having to bear with CAPTCHAs is temporary.

By: Tom Morris

Tom Morris — Wed, 12 Dec 2007 17:44:36 +0000

This is where OpenID and BotBouncer come into play. Not tremendously useful in Flash, but if you want to verify someone with OpenID is a real person, just push them through BotBouncer.

Also, for registration on GetSemantic.com, I’m using ReCaptcha. Love it. Helping OCR books and preventing wiki spam at the same time. Great. Both ReCaptcha and BotBouncer have an accessible option to that uses sound rather than graphics. It’d be interesting if one or both of those could support Flash too.

By: Luke

Luke — Wed, 12 Dec 2007 16:45:42 +0000

This doesn’t solve annoyingness or accessibility, but is pretty cool none the less:

http://news.bbc.co.uk/1/hi/technology/7023627.stm

By: Thom Shannon

Thom Shannon — Wed, 12 Dec 2007 10:55:24 +0000

There are lots of sites offering audio captchas along side. Microsoft have done it for a long time and I’ve implemented them before myself. I’ve not see any research into the usability or effectiveness of them though. None visual CAPTCHAs such as those that ask for the answer to a question might be a better option, although some people claim they discriminate against people with cognitive disabilities or none native speakers of that language.

More reading from Gez Lemon: http://juicystudio.com/article/accessibility-of-captcha.php

By: Lee McColl Sylvester

Lee McColl Sylvester — Tue, 11 Dec 2007 13:50:22 +0000

This is kinda freaky! My wife is blind (she’d have to be, right?), and she was only saying how impossible they are for her to overcome, because they’re naturally inaccessible. However, they are kinda necessary. If it wasn’t for all the pillocks who like mass spamming and ruining everyones informational pseudo life, they wouldn’t exist, and we’d all get along like one big happy family.

How about someone (a reader of this blog, maybe?) invent us an accessible alternative???

By: sascha/hdrs

sascha/hdrs — Tue, 11 Dec 2007 02:43:42 +0000

Normally Bad Behavior and Akismet are doing a great job in filtering SPAM. If a wave of SPAM sometimes really gets through I activate AntiSpamImage temporarily which still provides a very readable image.
The worst thing imho is blogger.com! Their captcha images are totally messed up, even if you have good eye sight it often tells that the input is wrong. This led me to stop writing comments on blogs that user blogger.com, not worth my time!

By: Thom Shannon

Thom Shannon — Mon, 10 Dec 2007 18:46:09 +0000

@Alex that would only be possible if your cookie auth was badly designed, the cookie should use a session id that only allows one account to be created from it.

The other really annoying thing about visual CAPTCHAs is when they make them impossible even for humans to read and case sensitive when you can’t even tell the case of the letters!