{"id":809,"date":"2012-09-28T23:03:56","date_gmt":"2012-09-28T23:03:56","guid":{"rendered":"http:\/\/www.sitekickr.com\/blog\/?p=809"},"modified":"2013-08-20T11:02:22","modified_gmt":"2013-08-20T11:02:22","slug":"coolest-captchas","status":"publish","type":"post","link":"https:\/\/www.sitekickr.com\/blog\/coolest-captchas\/","title":{"rendered":"CAPTCHAs &#8211; security, fun and promotion"},"content":{"rendered":"<p>The CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) has been evolving in recent years in attempt to close in on two primary goals:<\/p>\n<ul>\n<li>Stay ahead of smart robots<\/li>\n<li>Avoid unnecessary mental strain on the user<\/li>\n<\/ul>\n<p>Unfortunately, for a while, it seemed that you could really only achieve one of those objectives successfully.<\/p>\n<p>While the CAPTCHA below serves to smack down robo-spammer, it&#39;ll cause legit humans to smack themselves:<\/p>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-833\" height=\"125\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/bad-captcha.jpg\" title=\"bad-captcha\" width=\"300\" \/><\/p>\n<p>I&#39;m so confident that no human can interpret it, that I&#39;ve used my social security number as the CAPTCHA!<\/p>\n<p>So what can we do to hold the bots at bay, without insulting the intelligence of our users? I&#39;ve seen a few interesting techniques throughout the web, and have a few ideas of my own that I thought I&#39;d share. Starting with the CAPTCHAS I&#39;ve seen floating around:<\/p>\n<h3>Choosing related items in a set<\/h3>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-837\" height=\"177\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-select.png\" title=\"captcha-select\" width=\"305\" srcset=\"https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-select.png 305w, https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-select-300x174.png 300w\" sizes=\"(max-width: 305px) 100vw, 305px\" \/><\/p>\n<p>An example of this is found at: <a href=\"http:\/\/www.feedsee.com\/submit.html\" target=\"_blank\">http:\/\/www.feedsee.com\/submit.html<\/a>. It appears that they have base64 encoded the answers, to pass them along in a form field. This way the validation script knows what the correct response should be.<\/p>\n<p>&nbsp;<\/p>\n<h3>What is this?<\/h3>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-841\" height=\"145\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/vhs-captcha.jpg\" title=\"vhs-captcha\" width=\"213\" \/><\/p>\n<p>This one serves the dual purpose of CAPTCHA and adult verification. Obviously, it&#39;s not fool proof (or should I say genius proof) on the age verification. There are some pretty smart kids out there, but it&#39;s better than nothing! I don&#39;t recall exactly how this web developer validated the CAPTCHA, but it&#39;s a safe bet that they string matched against variations of the VHS acronym (uppercase, lowercase, etc).<\/p>\n<p>&nbsp;<\/p>\n<h3>Arithmetic<\/h3>\n<p>Please complete the arithmetic below:<\/p>\n<p>3 + 3 = <input disabled=\"true\" type=\"text\" \/><\/p>\n<p>I hesitate to call this an improvement on traditional CAPTCHA. If there&#39;s anything computers do better than character recognition, it&#39;s math! It would not be difficult for a script to look for field labels that contain the + character, then do a simple string eval() to get the answer (letting their programming language to the work).<\/p>\n<p>Of course, you could always drop the equation into an image, but then you might as well just use a traditional CAPTCHA. &nbsp;Personally, I think I&#39;d try something like:<\/p>\n<p><tt>Help us prove that you&#39;re a human! <br \/>\n\tIf Mary has X apples and John has Y apples, how many apples do they have together?<\/tt><\/p>\n<p>To a spam bot, this looks like a long winded question, not a simple equation. Try feeding that to your eval() function!<\/p>\n<p>&nbsp;<\/p>\n<h3>Embedded advertising<\/h3>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-844\" height=\"144\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-dish.jpg\" title=\"captcha-dish\" width=\"184\" \/><\/p>\n<p>Enter the words above:&nbsp; <input disabled=\"true\" type=\"text\" \/><\/p>\n<p>This is beyond genius.<\/p>\n<ol>\n<li>Promotes a product<\/li>\n<li>Easy for a human to understand<\/li>\n<li>Difficult for a computer to understand<\/li>\n<\/ol>\n<p>As another option, you could have the user fill in the missing word within a very popular slogan.<\/p>\n<p>Melts in Your Mouth, Not in Your&nbsp; <input disabled=\"true\" type=\"text\" \/><\/p>\n<p>This technique could also fall into the age-verification category if you choose a classic slogan. Although, simply Googling a piece of the slogan would be enough to solve it.<\/p>\n<p>&nbsp;<\/p>\n<h3>More Set Matching<\/h3>\n<p>I found this one on OpenClipArt.org.<\/p>\n<p><a href=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-choose-image.jpg\"><img loading=\"lazy\" alt=\"captcha choose image\" class=\"alignnone size-full wp-image-1569\" height=\"288\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-choose-image.jpg\" width=\"384\" srcset=\"https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-choose-image.jpg 384w, https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-choose-image-300x225.jpg 300w\" sizes=\"(max-width: 384px) 100vw, 384px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3>Others<\/h3>\n<p>Is the sun hot or cold?&nbsp; <input disabled=\"true\" type=\"text\" \/><\/p>\n<p>&nbsp;<\/p>\n<h3>The Slider<\/h3>\n<p>I recently found this one on HostGator. I think it&#39;s great, but I&#39;m not sure why they require another &quot;standard&quot; CAPTCHA after it:<\/p>\n<p><a href=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-slider.png\"><img loading=\"lazy\" alt=\"captcha slider\" class=\"alignright size-full wp-image-1654\" height=\"342\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-slider.png\" width=\"550\" srcset=\"https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-slider.png 550w, https:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-slider-300x186.png 300w\" sizes=\"(max-width: 550px) 100vw, 550px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><!--nextpage--><\/p>\n<h2>My Own Ideas<\/h2>\n<p>Here&#39;s a few that I&#39;ve concepted, but haven&#39;t put into production on any site yet:<\/p>\n<p>&nbsp;<\/p>\n<h3>Backwards<\/h3>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-847\" height=\"100\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/captcha-backwards.jpg\" title=\"captcha-backwards\" width=\"200\" \/><\/p>\n<ol>\n<li>Create the image using your language&#39;s text rendering features<\/li>\n<li>Encrypt the original word and store it in a hidden form variable<\/li>\n<li>Your validation script decrypts and reverses the original word to check for a match<\/li>\n<\/ol>\n<p>This allows us to maintain the human readability, while throwing another obstacle at robo-spammers.<\/p>\n<p>&nbsp;<\/p>\n<h3>Shapes?<\/h3>\n<p><img loading=\"lazy\" alt=\"\" class=\"alignright size-full wp-image-849\" height=\"100\" src=\"http:\/\/www.sitekickr.com\/blog\/wp-content\/uploads\/2012\/09\/shape-captcha.jpg\" title=\"shape-captcha\" width=\"200\" \/><\/p>\n<p>Using a similar technique as above, we could pass an encrypted version of the answer, or the actual shape in a hidden form variable.<\/p>\n<p>&nbsp;<\/p>\n<h3>Come right out with it<\/h3>\n<p>I am a &nbsp; &nbsp; <input type=\"radio\" \/> Robot &nbsp; &nbsp; &nbsp; <input type=\"radio\" \/> Alien &nbsp; &nbsp; &nbsp; <input type=\"radio\" \/> Monkey &nbsp; &nbsp; &nbsp; &nbsp; <input type=\"radio\" \/> Human &nbsp; &nbsp; &nbsp; &nbsp; <input type=\"radio\" \/> Caveman &nbsp; &nbsp; &nbsp; &nbsp; <input type=\"radio\" \/> Ghost<\/p>\n<p>I honestly have no idea how this would pan out. It would give unfamiliar bots a run for their money, and maybe get a giggle out of your users.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>What I&#39;m trying to convey in the ideas above is that CAPTCHAs, which are always a nuisance for your user, could be made a bit more interesting, and easier to complete, with a little creativity.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) has been evolving in recent years in attempt to close in on&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"amp_status":""},"categories":[122,123],"tags":[213,82],"_links":{"self":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/809"}],"collection":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/comments?post=809"}],"version-history":[{"count":23,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/809\/revisions"}],"predecessor-version":[{"id":1655,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/posts\/809\/revisions\/1655"}],"wp:attachment":[{"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/media?parent=809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/categories?post=809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sitekickr.com\/blog\/wp-json\/wp\/v2\/tags?post=809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}