Alternatives to CAPTCHA
Google just bought RECAPTCHA... mostly to help scan their huge digital archive of books (and to train their robot army), but I think they need to find some other way rather than encourage use of a CAPTCHA. CAPTCHA sucks. It is a huge barrier between your users and what they want to do and 99%* of the time it is unnecessary. This should be the last resort for the most bot-targeted of websites, so your wedding site's guestbook does not need a CAPTCHA. Commenting on your blog does not need a CAPTCHA. Signing up for your new web app does not need a CAPTCHA. In 10 years I think we will look back on these methods and think to ourselves "How was that ever acceptable?".
There are some ways to check if someone is human without using any CAPTCHA:
- Check the time it takes between loading the page and submitting the form. If it's too quick, it's a bot.
- Put the form on a separate page and then check for a valid referring page. A bot will usually not navigate to the form, it will try to submit the form directly.
- If your site requires javascript, use javascript to build your form.
- Bots target mass websites built on generic platforms... like wordpress and phpbb. Change up your form template a little bit, you will probably stop most bots.
- Use something like OpenID, Facebook, and/or Twitter for authorization. Making it a little harder (for now) to automate.
If you do use a CAPTCHA, try something simple. Have them answer a simple question or select a photo of a cat. On my phpbb forum, I simply asked the user to type in a specific word and that stopped all bot registrations (and insures your users can read).
These alternatives are not unstoppable. A dedicated bot-builder could get around them, but they would have to target your site specifically and then maintain it as you make changes. Chances are no one wants to spam your Contact Us form that bad.
*81% of all statistics are made up on the spot
http://xkcd.com/233/
Comments [0]