SiteKickr Web Development

CAPTCHAs – security, fun and promotion

The CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) has been evolving in recent years in an attempt to close in on two primary goals:

Unfortunately, for a while, it seemed that you could really only achieve one of those objectives successfully.

While the CAPTCHA below serves to smack down robo-spammers, it'll cause legit humans to smack themselves:

I'm so confident that no human can interpret it, that I've used my social security number as the CAPTCHA!

So what can we do to hold the bots at bay, without insulting the intelligence of our users? I've seen a few interesting techniques throughout the web, and have a few ideas of my own that I thought I'd share. Starting with the CAPTCHAs I've seen floating around:

Choosing related items in a set

An example of this is found at: http://www.feedsee.com/submit.html. It appears that they have base64 encoded the answers, to pass them along in a form field. This way the validation script knows what the correct response should be.

 

What is this?

This one serves the dual purpose of CAPTCHA and adult verification. Obviously, it's not foolproof (or should I say genius-proof) on the age verification. There are some pretty smart kids out there, but it's better than nothing! I don't recall exactly how this web developer validated the CAPTCHA, but it's a safe bet that they string-matched against variations of the VHS acronym (uppercase, lowercase, etc.).

 

Arithmetic

Please complete the arithmetic below:

3 + 3 =

I hesitate to call this an improvement on traditional CAPTCHA. If there's anything computers do better than character recognition, it's math! It would not be difficult for a script to look for field labels that contain the + character, then do a simple string eval() to get the answer (letting their programming language do the work).

Of course, you could always drop the equation into an image, but then you might as well just use a traditional CAPTCHA.  Personally, I think I'd try something like:

Help us prove that you're a human!
If Mary has X apples and John has Y apples, how many apples do they have together?

To a spam bot, this looks like a long-winded question, not a simple equation. Try feeding that to your eval() function!

 

Embedded advertising

Enter the words above: 

This is beyond genius.

  1. Promotes a product
  2. Easy for a human to understand
  3. Difficult for a computer to understand

As another option, you could have the user fill in the missing word within a very popular slogan.

Melts in Your Mouth, Not in Your 

This technique could also fall into the age-verification category if you choose a classic slogan. Although, simply Googling a piece of the slogan would be enough to solve it.

 

More Set Matching

I found this one on OpenClipArt.org.

 

Others

Is the sun hot or cold? 

 

The Slider

I recently found this one on HostGator. I think it's great, but I'm not sure why they require another "standard" CAPTCHA after it:

 

 

My Own Ideas

Here are a few that I've concepted, but haven't put into production on any site yet:

 

Backwards

  1. Create the image using your language's text rendering features
  2. Encrypt the original word and store it in a hidden form variable
  3. Your validation script decrypts and reverses the original word to check for a match

This allows us to maintain the human readability, while throwing another obstacle at robo-spammers.
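One way to implement the validation side of the three steps above, as an added example that is not from the original post: instead of encrypting the word (step 2), it puts a keyed HMAC of the expected backwards answer in the hidden field, so the server only recomputes and compares and the field cannot be decoded by whoever reads the form. The key handling, the five-minute lifetime, the token layout and the function names are assumptions made for this example; drawing the image (step 1) is left to whatever renders `render`.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret kept on the server only
MAX_AGE = 300                         # assumption: seconds a challenge stays valid
_used_nonces = set()                  # single-process replay cache (constructed for the demo)


def _mac(nonce, issued, answer):
    """Keyed digest binding the expected answer to one challenge instance."""
    msg = f"{nonce}|{issued}|{answer.lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(word, now=None):
    """Return the word to draw in the image and the value for the hidden field."""
    if not word.isalpha():
        raise ValueError("challenge words must be letters only")
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8)
    expected = word[::-1]  # the visitor must type the word backwards
    return {"render": word, "token": f"{nonce}.{issued}.{_mac(nonce, issued, expected)}"}


def verify(token, typed, now=None):
    """Check a submitted hidden-field token against what the visitor typed."""
    now = int(time.time()) if now is None else now
    try:
        nonce, issued_s, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed or truncated token
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or timestamp from the future
    if nonce in _used_nonces:
        return False  # token already redeemed once
    good = _mac(nonce, issued, typed.strip())
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return False  # wrong answer or tampered token
    _used_nonces.add(nonce)
    return True
```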

 

Shapes?

Using a technique similar to the one above, we could pass an encrypted version of the answer, or the actual shape, in a hidden form variable.

 

Come right out with it

I am a     Robot       Alien       Monkey         Human         Caveman         Ghost

I honestly have no idea how this would pan out. It would give unfamiliar bots a run for their money, and maybe get a giggle out of your users.

 

 

What I'm trying to convey in the ideas above is that CAPTCHAs, which are always a nuisance for your user, could be made a bit more interesting, and easier to complete, with a little creativity.