July 20, 2011
As part of our “From the Lab” series, I will be presenting some ideas and experiments that we currently have going on. In this “From the Lab”, I will explore a different way to employ a CAPTCHA test on a web form.
So what is CAPTCHA?
To start, CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart) is a common technique deployed on web forms to avoid spam messages or bogus information being sent through them. CAPTCHA often manifests itself as an obtuse set of characters that you have to enter in order to submit information through the form.
Why use CAPTCHA?
In one word: SPAM. In a hyphenated word: SPAM-BOTS. It is common for spam-bots (evil creatures that crawl from page to page looking for web forms to repeatedly submit ridiculous amounts of spam through) to target un-protected web forms and cause havoc on the systems they penetrate. CAPTCHA basically acts as an additional deterrent to spam-bots due to the fact that they cannot “see” what the characters in the image are. But can they? Due to the complexity of the images that are used by Google, Yahoo, Twitter and Facebook, perhaps the spam-bots can do more than meets the eye.
Issues we hope to resolve:
There are 3 main issues that we found with the most common form of CAPTCHA (the “enter the characters from the image” test) and they are:
A New Kind of CAPTCHA: CLICKTCHA
Enter CLICKTCHA, a new spin on a tested concept which follows the same principle as CAPTCHA but is a little more user friendly. To our knowledge, this test cannot be defeated by spam-bots because it involves using the mouse to move items around, as oppose to entering information. Once implemented, the spam-bot defense can be taken a step further by encrypting the CLICKTCHA identifiers and processing all of the verification and decryption server-side. Boo-yah!!
Example of Clicktcha:
Sometimes it is best just to use it for yourself rather than read someone else’s gabs about it so click on the Clicktcha Example and try it out. This is just an example so feel free to pump it full of fake info. To submit, you have to order the CLICKTCHA items in the order specified. On the list of things to do is a plugin for WordPress as well as other popular blogging sites and copy paste implementation for those who like to hand code (like we do). Our goal is to get it down to as little work as possible to implement CLICKTCHA on any web form. Much to do, but we are working on it. :)
In the small amount of testing that we have done for usability, CLICKTCHA has been known to not be so friendly with older browsers (blanket statement but especially IE, uggh!) and touchscreen smartphone browsers. Sadly, we have not advanced in the mobile phone touch screen world enough to distinguish a click and drag from a click on most touch screen phones. This being said, you can always set your website to catch the browser type and compensate with the good ol’ CAPTCHA method for the incompatible browsers.
And to you…
What do you think? Is CLICKTCHA better than CAPTCHA? Which would you rather use?