The CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) has been evolving in recent years in an attempt to close in on two primary goals:
- Stay ahead of smart robots
- Avoid unnecessary mental strain on the user
Unfortunately, for a while, it seemed that you could really only achieve one of those objectives successfully.
While the CAPTCHA below serves to smack down robo-spammers, it'll cause legit humans to smack themselves:
I'm so confident that no human can interpret it, that I've used my social security number as the CAPTCHA!
So what can we do to hold the bots at bay, without insulting the intelligence of our users? I've seen a few interesting techniques throughout the web, and have a few ideas of my own that I thought I'd share. Starting with the CAPTCHAs I've seen floating around:
Choosing related items in a set
An example of this is found at: http://www.feedsee.com/submit.html. It appears that they have base64-encoded the answers to pass them along in a form field. This way the validation script knows what the correct response should be.
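The form-field approach described above, as an added example that is not part of the original post or that site's own code: base64 is reversible without a key, so a field built that way hands the expected answer to any client, while a keyed HMAC token with a nonce and expiry lets the validation script check the response without revealing it. `SECRET_KEY`, `TTL_SECONDS`, the token layout and all function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # assumption: server-side secret, never sent to the client
TTL_SECONDS = 300                      # assumption: challenge lifetime in seconds
_seen_nonces = set()                   # in-memory replay cache, enough for this example

def weak_field(answer):
    """Pattern described above: the answer itself, base64-encoded, in a form field."""
    return base64.b64encode(answer.encode()).decode()

def read_weak_field(field):
    """Base64 is an encoding, not encryption: any client reverses it without a key."""
    return base64.b64decode(field).decode()

def _mac(nonce, expires, answer):
    # Normalize case and whitespace so "Apple " and "apple" verify the same way.
    msg = f"{nonce}|{expires}|{' '.join(answer.lower().split())}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(answer, now=None):
    """Hardened field: nonce, expiry and a keyed MAC over them plus the answer."""
    now = time.time() if now is None else now
    nonce, expires = secrets.token_hex(8), str(int(now) + TTL_SECONDS)
    return f"{nonce}.{expires}.{_mac(nonce, expires, answer)}"

def verify(token, response, now=None):
    """Accept one attempt per token, only before expiry, only if the MAC matches."""
    now = time.time() if now is None else now
    try:
        nonce, expires, mac = token.split(".")
        if int(expires) < now or nonce in _seen_nonces:
            return False
    except ValueError:
        return False
    _seen_nonces.add(nonce)            # burn the nonce even on a wrong guess
    return hmac.compare_digest(mac.encode(), _mac(nonce, expires, response).encode())
```

In a multi-process deployment the replay cache would live in shared storage. Challenges with only a handful of possible answers still need rate limiting, because a bot can guess without decoding anything.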
What is this?
This one serves the dual purpose of CAPTCHA and adult verification. Obviously, it's not foolproof (or should I say genius-proof) on the age verification. There are some pretty smart kids out there, but it's better than nothing! I don't recall exactly how this web developer validated the CAPTCHA, but it's a safe bet that they string-matched against variations of the VHS acronym (uppercase, lowercase, etc.).
Please complete the arithmetic below:
3 + 3 =
I hesitate to call this an improvement on traditional CAPTCHA. If there's anything computers do better than character recognition, it's math! It would not be difficult for a script to look for field labels that contain the + character, then do a simple string eval() to get the answer (letting their programming language do the work).
Of course, you could always drop the equation into an image, but then you might as well just use a traditional CAPTCHA. Personally, I think I'd try something like:
Help us prove that you're a human!
If Mary has X apples and John has Y apples, how many apples do they have together?
To a spam bot, this looks like a long-winded question, not a simple equation. Try feeding that to your eval() function!
Enter the words above:
This is beyond genius.
- Promotes a product
- Easy for a human to understand
- Difficult for a computer to understand
As another option, you could have the user fill in the missing word within a very popular slogan.
Melts in Your Mouth, Not in Your
This technique could also fall into the age-verification category if you choose a classic slogan. Although, simply Googling a piece of the slogan would be enough to solve it.
More Set Matching
I found this one on OpenClipArt.org.
Is the sun hot or cold?
I recently found this one on HostGator. I think it's great, but I'm not sure why they require another "standard" CAPTCHA after it:
Captchas are becoming more ridiculous by the day – it now takes me about 2 or 3 retries to get one of these re-captcha things right.
There must be some way – a much better way to prevent spam.
I just saw this one on a site:
In what year are we? ____________
This is great as it's dynamic, and the answer is easy to grab on the server side.
It's hard to resist commenting on my own post when I see an awesome new CAPTCHA. I just had the pleasure of using one that's actually an animation! As a very small video file, this CAPTCHA made it easy for human visitors to recognize the letters, as they were hardly distorted. Yet, there's no doubt that a bot would struggle to decode and recognize an alphanumeric pattern inside a video.
Another great one:
What is the largest number listed here – 12, 36, 14, 87, 22?