tags:

views:

325

answers:

5
+2  Q: 

How can the CAPTCHA process be more user friendly or better implemented?

I have used CAPTCHA on my various web sites in the standard manner where I generated some obfuscated string of characters (odd pair of words, random number, etc.) in an image for the user to manually reproduce in a text box. I am also aware of recaptcha.net which extends the basic functionality of screening bots from humans and as well as helping to digitize books. I just came across another way of performing CAPTCHA with the AJAX Fancy CAPTCHA jQuery plugin which rather than asking the user to reproduce a string instead asks the user to drag an image that is readily recognizable (scissors, pencil, book, etc.) into an area that is equally recognizable. When I saw this I had to say to myself "WOW...that's cool!"

Question: Does anyone out there have any other examples of a neat and different way of performing CAPTCHA without having to generate a random string of characters into an image for the user to try and read (or regenerate until they can) so that they can manually type it into a box?

+1  A: 

I know I am not particularly helpful in this answer, feel free to downvote me if it's the case, but I want to present my technical opinion (albeit of a non-expert) on captchas.

As someone said, the captcha is an antipattern of the web. Its purpose is to let you demonstrate that you are human, by doing something that only a human (purposely) can do. Fact is that, despite the captchas, the only achieved result has been to improve pattern recognition for software, producing better bots. In this sense, it can be said that the final, real purpose of captchas was not to select humans from bots, but select better bots (or cheap workers) from lousy ones.

What you are asking is actually a matter of current research. I've seen stuff like selecting cats from dogs, solving simple math problems, recognizing apples from oranges, counting the number of people in a photo, but in the end I doubt you will get something more proficient or user friendly than what's currently available. In the end, the pure fact of having to solve a captcha is user-unfriendly.

Stefano Borini  2009-07-20 22:21:11
+1  A: 

You can have your users tell dogs and cats apart. Microsoft's Asirra.

asperous.us  2009-07-20 22:22:55
Oh yes...this is exactly what I was looking for. A non-subjective test that tells you straight away if this is a person or not...but using subject matter that is of a true/false nature. In general it would be very difficult for one to confuse a cat from a dog. I can see so many other forms of this in my mind.
Andrew Siemer  2009-07-20 22:30:52
@Stefano Borini - This does help to both prove and disprove your point "In this sense, it can be said that the final, real purpose of captchas was not to select humans from bots, but select better bots (or cheap workers) from lousy ones." This form of CAPTCHA (asirra) would very easily remove all bot fluff. However it would not remove the "cheap worker" concept!
Andrew Siemer  2009-07-20 22:32:50
It will remove it until someone either finds a way to let a computer distinguish between dog and cats, or they crack the captcha so to override it in some way. In this sense, it is an eternal fight.
Stefano Borini  2009-07-20 22:38:13
A bot would still be able to guess the CAPTCHA 50% of the time, so that idea is pointless.
akway  2009-07-20 22:53:08
Since the service has you figure out multiple pictures, (not just 2), the percent is way less then 50%. Second, if you looked on the site, it says that studies have shown it is hard for computers to tell cats and dogs apart, but easy for humans.
asperous.us  2009-07-20 23:10:55
Looks like MS took the idea from the old Kitten Auth project. As a side note I made the suggestion to Stack Overflow that they adopt some sort of image based authentication but they like captcha.
Preston  2009-07-20 23:31:29
In studies, 8 out of 10 bots prefer whiskas.
skaffman  2009-07-21 11:11:11
+3  A: 

I'd like to see ReCAPTCHA implemented for images that a computer can't tell whether or not they're pornography. Web filter companies could pay free porn sites to use this system to better fill out their blacklists. The free porn sites could then make more porn, and the web filters would have more porn to block.

Dean Putney  2009-07-20 22:39:50
Interesting idea, but I'm not sure it would work in practice. You could easily get people to rate, for example, Michelangelo's David, as 'adult' simply because the guy is missing his loincloth, even though most people I know would (and do) show the statue to their children.
Dan Walker  2009-07-20 22:46:27
Remember the old adage that applies to many different X: "X is like pornography... hard to define, but I know it when I see it."
Stefano Borini  2009-07-20 22:46:43
This would actually work as ReCaptcha doesn't just accept the first persons entry as gospel. It takes the entries of many people and if it sees that the majority says it is in fact a duck...then the word is classified as such. The same could go for pornography...if everyone says it is sex...then it probably is sex! And just allowing someone to say "pornography" wouldn't be the way to go. I would suggest a categorization system that people could apply to the image...then you could classify the categories in the back end as you see fit. "exposed penis", "exposed breast", "penetration", etc.
Andrew Siemer  2009-07-23 23:15:00
Categorization is a good way to add some complexity to it. I was kind of joking when I wrote the answer, but now I wonder if it's actually a good possibility...
Dean Putney  2009-07-24 00:49:41
A: 

A CAPTCHA should be a last resort, having tried other alternatives. For example you can use a honeypot technique, that uses a form field that’s invisible to a user but visible to a bot – if it gets filled in, you know it’s not from a human.

In some cases you can experiment with softer CAPTCHAs like riddles or simple math problems. The best tactic - from a User Experience perspective - is to start as soft as possible, and only ramp up if bots become a real problem.

Harry  2009-07-21 11:05:42
A: 

Here's a human-friendly captcha that asks users to identify pictures of various things: http://www.confidenttechnologies.com/products/confident_CAPTCHA.php

It's tough on bots becuase it presents a grid of images that change with each session and it has many different categories of images. It's easier on people, though, because it's easy for people to recognize pictures of common things like dogs, flowers and cars.

As far as the issue of preventing teams of people used in other countries to break captchas for money, a partial solution would be to incorporate some intelligence and risk analysis into the captcha so the captcha can become more difficult or require more steps if the user is from a suspicious IP address or is attempting to solve hundreds of your captchas daily. If the captcha is more difficult for these teams of people, then they can solve less per hour and it becomes a deterrant because it is not as profitable for them. They would have to have a strong desire to attack that specific site, rather than just go to some other site that doesn't have captcha or has a weaker captcha.

Confident Technologies  2010-05-05 17:00:09

related questions

Best way to limit (and record) login attempts
Implementing captcha in a stateless REST web-service environment
How to break CAPTCHA ?
Are there any alternatives to recaptcha.net, for stopping spam?
Captchas to force user interaction?
How do you stop scripters from slamming your website hundreds of times a second?
Has reCaptcha been cracked / hacked / OCR'd / defeated / broken?
Are CAPTCHAs Accessible?
Problem with Recaptcha
My reCaptcha gets Page.IsValid=False always... when using onClientClick="return validate()"
What is a CAPTCHA that is compatible with ASP.NET MVC ?
Are there open source CAPTCHA solutions available?
What is the best "captcha" for use within a struts framework?
How to make reCAPTCHA work with a ValidationGroup in ASP.Net (captcha)
Integrating Captcha with Spring Security
What's the best scheme for eliminating blog- or comment-spam
Harder, Better, Faster, Stronger... Techniques for an image-based CAPTCHA?
When the bots attack!
Rails state of the art for spam prevention
So, if CAPTCHA's on the way out, what comes next?
Most effective form of CAPTCHA?
Simple third party Captcha I can add to my website.
Are you human? (or How to prevent spam)
Practical non-image based CAPTCHA approaches?
Is there an Unobtrusive Captcha for web forms?