Building a Better CAPTCHA

[Terry Olaes]

Anti-spam CAPTCHA technology is in wide use these days and has been cracked in a number of applications. ComputerWorld takes a look at the beleaguered tech and how it’s evolving to stay ahead of the hackers.

… it should also be kept in mind that, even as bot-based CAPTCHA attacks are held at bay, there's no effective defense against humans breaking CAPTCHAs for money. All that any CAPTCHA system, or any other security measure, can really do is slow down would-be crackers.

 

[Grentz]

They could just use the method some sites are using now...make it so damn hard to read even humans cannot read it half the time.

 

[Kil4Thril]

They could just use the method some sites are using now...make it so damn hard to read even humans cannot read it half the time.

That was going to be my comment. I have one hell of a time seeing these sometimes, especially when they do pink on purple or purple on pink. Maybe its my monitor.

 

[Tekara]

Yeah, same thoughts as most others . . .

 

[EvilAlchemist]

They are a pain in the butt to figure out when drunk ......

makes finding nude women even harder in a time of need ..........

Damn you spammers ....

 

[UrielDagda]

Oh goody, I can look forward to even more bizarre, psychedelic-induced headaches, thanks to the guys at CAPTCHA.

 

[[H]adouken]

Simple way is to ask it to choose between NVIDIA and ATI, if it chooses ATI it's a g'damn robot.

Oops.

 

[Joe Average]

Now if only they'd create one that actually works, then apply it to places that so desperately need it, like Craig's List (since those lazy bastards that own the service won't do a damned thing about it, unfortunately).

But, alas, as soon as someone creates a killer awesome unbreakable CAPTCHA, someone will create the proverbial "black Magic Marker" and do a little flourish with it - like the CD copy protection thing from years ago - and voila, 10 trillion pieces of spam...

 

[Sparky]

Just make it easier to read. I have lost numerous posts/info because I entered the wrong word. So effing hard to tell what it is on some sites.

 

[S-B]

CAPTCHA is getting fucking ridiculous. Some sites use stuff that is IMPOSSIBLE to decipher half the time, especially what vBulletin uses. Plus there's that audio thing Google uses, which I have never been able to understand.

reCAPTCHA has done an excellent job. Everyone should be using their service. It does a good job of obscuring the text to bots, while maintaining high legibility for human readers, and, most importantly, it helps digitize text.

 

[HOCP4ME]

http://xkcd.com/233/

Sorry, I had to do it.

 

[Ockie]

They already have a better CAPTCHA out there, it's called ReCAPTCHA, it not only requires human entries, but it monitors how fast one can enter the data because typically human breaching involves an automated process also.

Also, another method to eliminate this problem is have a long registration process, the time it takes to register at a manual pace usually throws out breachers.

There is also other human factors which can be added, such as using English specific CAPTCHA questions and entries which are confusing to those who are cheap labor (foreign). Most of these cheap labor CAPTCHA breach firms rely on their users to input WYSIWYG (copy the CAPTCHA).

 

[Markistehnamezor]

or they can use a stupid thing myspace does.

Step one:
Type Message
Step two:
Press enter:
step three:
Press enter again.
Step four:
repeat step two to four.

 

[HOCP4ME]

I like the ones that ask a simple question, like "what is the color of the banner on top of this page?" No annoying characters to read, computers can't breach them, and non-English-speaking humans can't breach them, either.