Good solution but hard to scale and has internationalization issues.
Captchas, being entirely algorithm generated can be more easily cracked
by algorithms, or by cheap labor. It's just hard to come up with
solutions that work for a globalized internet. There is always a
security usability trade off. This is why some kind of central
authentication system needs to be worked out, like OpenID. Then you can
burn a lot of resources one time with human intervention or whatever to
authenticate, spreading that cost over lots of disparate sites. Lock all
the treasures in one vault with one good lock rather than thousands of
little vaults with separate weak locks. Of course that highlights the
failure point of that solution. If the good lock fails they bad guys
have access to all the treasure.
CB
Jane Lee wrote:
Actually, the biggest problem with captchas is that employing a human to
read them is cheap enough in many cases with a higher hit rate than OCR.
While google and the like will have an increasingly hard time figuring out
the legitimate users from the spammers, most small sites can get away with a
different type of captcha, I've mentioned this on twitter before, but one
such implementation is at lemurcatta.org. Works fantastic for blogs -
basically get the user to select what was mentioned in the blog post they're
attempting to comment on, and possibly ask some additional questions only
readers of the blog would know how to answer. Very trivial if you're a
legitimate person wanting to comment, a bit harder and possibly not worth
the effort if you're a random troll or spammer.
cheers,
jane
On Wed, Sep 24, 2008 at 1:41 PM, Chris Blouch <[EMAIL PROTECTED]> wrote:
This was discussed at length on the list previously so you might want to
check the archives. That said, it's mainly a cognitive puzzle that tries to
validate that you are a person and not some script trying to gain access.
Visual captchas are usually letter which have been swirled around with noise
to be hard for an OCR program to read and hard for a real person as well.
Audio captchas do similar things to spoken letters. I suggested before that
this is an arms race which will end badly. Either the captchas will get so
hard to discern that people can't get in or the scammer's algorithms will
improve to the point where captchas add no security. Either way captchas
will become useless.
CB
Jude DaShiell wrote:
The purpose of captcha is to make it nearly impossible for sighted people
to log in and impossible for the rest of us.
On Wed, 26 Mar 2008, UCLA Bruins Fan wrote:
Can anyone tell me what the function of CAPTCHAS is supposed to be? Why
are they needed on so many sites? Do they really perform any function other
than making it difficult for blind users to access sites?
Olivia
