Good question. I'm not saying that this is the best idea out there, but
if desktop (and third party non web apps) developers have problems I
tihnk we should at least start entertaining some suggestions. Some may
pan out better than others, but at least get the ideas out there.
On 1/22/2010 1:14 PM, Abraham Williams wrote:
How does Twitter verify which user is completing the CAPTCHA?
On Fri, Jan 22, 2010 at 07:06, John Meyer <john.l.me...@gmail.com
On 1/22/2010 7:48 AM, Josh Roesslein wrote:
Not 100% sure what you are suggesting. Are you suggesting for the
authorization step that instead of directing the user to twitter
instead receive a captcha image which the user inputs that # and we
send back to get the access token?
I am not sure that is such a good idea, mainly because captchas are
pretty easy to interpret by machines. It's just too risky that an
attacker will guess the correct value and thus gain entry to some
user's account. If I am misinterpreting your idea, please let me
Pretty easy is relative. While there are programs to crack CAPTCHAs
out there, they still are more effective than traditional
username/password combinations. And I still would insist that this
method would be an accomidation for desktop and mobile clients who
may have difficulty displaying web pages. Barring that, the only
alternative I could see is turning every program into a de facto web
Abraham Williams | Moved to Seattle | May cause email delays
Project | Intersect | http://intersect.labs.poseurtech.com
Hacker | http://abrah.am | http://twitter.com/abraham
This email is: [ ] shareable [x] ask first [ ] private.
Sent from Seattle, WA, United States