Time to Re-Think CAPTCHA?

This week, reports have surfaced that spammer activity is increasing on Microsoft and Google sites that employ CAPTCHA. CAPTCHA is a method for distinguishing between human users and programs used to automatically enter information. Those who would like to create large amounts of e-mail accounts or efficiently add SPAM content to blog comments or message boards are constantly scheming new methods for circumventing CAPTCHAs. Meanwhile, web site administrators continue to invent creative techniques for detecting computers masquerading as human.

As the battle continues, though, it’s humans who are having more trouble reading CAPTCHAs. Speaking for myself, I find that many CAPTCHA challenges are not very easy to decipher. If it is case-sensitive, for example, there are many capital letters that can be mistaken for lower-case if distorted the right way, and there is no feedback that allows me to correct myself if I can’t read it.

Now, I’m not saying that I have ever been completely fooled by a CAPTCHA to the point that I wasn’t able to create an account or post a comment. Humans will eventually get through, but if users find them difficult, and they no longer effectively prevent spamming, maybe more thought needs to be applied to the problem. Here are some suggestions I have found for methods to weed out spamming programs.

• Pick the cats – Given a set of pictures, choose the ones that are of cats. Another variation has the user choose the person judged hottest on HOTorNOT. This might be a little more work than someone would like to do especially if there are twenty images to judge. Also, the authors of the Google CAPTCHA crack claim to be able to crack these as well.
• Solve the math problem – Examples of these are normally complex-looking problems that, upon further inspection, are not so difficult. Unfortunately, many people don’t remember what a derivative is or what sin(-π/2) equals. Another problem is that a lot of these problems come out to some simple answer like one or zero, and spammers might eventually figure that out.
• Decipher the hieroglyphics – Another method uses an image with symbols that can be deciphered using the key at the bottom. I think this is the best of the ones I’ve mentioned so far. It might slow you down some, but it’s not too hard. I can’t say it’s perfect though because I think a determined spammer could develop an automated solution to these.

Before today, I had not put much thought into the subject, but now that I have pondered it some, I have an idea. Have users follow instructions or answer a question in which each word has been randomly modified by adding, removing, or transposing letters. People have to read through typos every day. Computers would be fooled, and the time lost to solving the problem would be minor.

Sgo, waht do oyu tink? Ad a commnet if yuo ave ayn thouhgts or idetas.